Phishing fraudsters have devised a new scam, creating sham duplicate sites of crypto media outlet Blockworks and Ethereum blockchain scanner Etherscan, to dupe crypto users into connecting their wallets to a crypto drainer. Their deceitful tactics are centred around a faux news of a $37 million Uniswap exploit.
The counterfeit Blockworks site displays a forged “BREAKING” news report about an alleged multimillion-dollar “approvals exploit” on the decentralized exchange Uniswap. It then redirects users to a bogus Etherscan website to rescind approvals.
The counterfeit Uniswap news article was disseminated on Reddit across numerous crypto-related subreddits by seemingly compromised Reddit accounts. The sham Etherscan site, purporting to display a token and smart contract approval checker, instead houses a wallet drainer.
Blockchain security company Beosin analyzed the drainer’s smart contract. They reported that the attacker aims to drain wallets with at least 0.1 Ether (ETH), worth $180. However, the drainer is incorrectly set up as “there is no phishing transaction prompted after a wallet is connected.”
Web3 anti-scam platform Scam Sniffer revealed on Twitter that scammers had also deployed a wallet drainer on a website imitating the crypto news outlet Decrypt. However, Scam Sniffer confirmed that the faked Blockworks and Decrypt sites are operated by different fraudsters.
The fake Etherscan site, approvalscan.io, was registered on October 25, and the bogus Blockworks site, blockworks.media, was registered a day later.
Read Now: Avante Art and Yuga Labs partner to offer physical CryptoPunks for limited time