Phishing scammers have recently resorted to deceptive tactics involving the cloning of reputable websites in the crypto space to dupe unsuspecting users into falling victim to wallet-draining schemes. Notably, the scammers have targeted the well-known crypto media outlet Blockworks and the Ethereum blockchain scanning service Etherscan.
In one instance, a counterfeit Blockworks website featured a fabricated “BREAKING” news article, purportedly detailing a multimillion-dollar “approvals exploit” within the decentralized exchange Uniswap. The article lured users into visiting a counterfeit Etherscan site, under the guise of assisting them in revoking approvals.
![Blockworks clone site steals crypto from wallets image 144](https://i0.wp.com/nosisnews.com/wp-content/uploads/2023/10/image-144.png?resize=1024%2C467&ssl=1)
![Blockworks clone site steals crypto from wallets image 144](https://i0.wp.com/nosisnews.com/wp-content/uploads/2023/10/image-144.png?resize=1024%2C467&ssl=1)
What’s particularly concerning is that the fraudulent Uniswap news article was shared on various crypto-related subreddits on Reddit, using compromised Reddit accounts to amplify its reach.
The phony Etherscan website, seemingly designed to serve as a token and smart contract approval checker, concealed a sinister agenda. Instead of fulfilling its claimed function, the counterfeit site was essentially a wallet-draining mechanism.
Upon scrutinizing the smart contract behind this wallet-draining operation, blockchain security firm Beosin discovered that the attacker’s aim was to siphon off wallets containing at least 0.1 Ether, which is equivalent to approximately $180. However, due to an operational error, the drainer failed to initiate a phishing transaction after users connected their wallets.
A closer look at the domains used in these fraudulent schemes reveals that the bogus Etherscan site, approvalscan.io, was registered on October 25, while the counterfeit Blockworks site, blockworks.media, was registered a day later.
![Blockworks clone site steals crypto from wallets image 145](https://i0.wp.com/nosisnews.com/wp-content/uploads/2023/10/image-145.png?resize=1024%2C466&ssl=1)
![Blockworks clone site steals crypto from wallets image 145](https://i0.wp.com/nosisnews.com/wp-content/uploads/2023/10/image-145.png?resize=1024%2C466&ssl=1)
These incidents of website cloning and wallet-draining are not isolated events. An October 25 tweet from the Web3 anti-scam platform Scam Sniffer exposed a similar wallet-draining operation on a fake website mimicking the crypto news outlet Decrypt. Notably, these two cases involving Blockworks and Decrypt are operated by distinct groups of scammers, emphasizing the persistence and diversification of such malicious activities in the crypto space.
![Blockworks clone site steals crypto from wallets image 146](https://i0.wp.com/nosisnews.com/wp-content/uploads/2023/10/image-146.png?resize=1024%2C1024&ssl=1)
![Blockworks clone site steals crypto from wallets image 146](https://i0.wp.com/nosisnews.com/wp-content/uploads/2023/10/image-146.png?resize=1024%2C1024&ssl=1)
The proliferation of these fraudulent schemes underscores the importance of vigilance and robust security practices when engaging in the cryptocurrency ecosystem. Users are urged to exercise caution and verify the authenticity of websites and platforms they interact with, as the crypto landscape remains susceptible to various forms of deception and malicious activities.
ALSO READ
- MetaMask Scammers Use Government Websites to Target Crypto Investors
- BlackRock Sues 44 Copycat Websites, Some Crypto-Related