According to Cointelegraph, privacy-focused search engine DuckDuckGo has been showing phishing websites when users search for 'Etherscan,' a well-known Ethereum block explorer and analytics platform. This issue poses significant financial risks to cryptocurrency investors.
On September 11, Web3 anti-scam firm Scam Sniffer alerted DuckDuckGo users about an ongoing phishing attempt targeting Ether (ETH) investors. The search results on DuckDuckGo displayed phishing websites imitating Etherscan, prompting users to connect their MetaMask wallets, similar to the official Etherscan website. By unknowingly approving these connection requests, users allow hackers to withdraw funds from their wallets without further authorization.
Attackers also attempt to rank fraudulent phishing websites on other popular search engines like Google and Bing. Some use organic ranking tricks, while others lure victims through sponsored banner ads. Scam Sniffer highlighted a recent incident on September 10, where a user lost over $520,000 worth of cryptocurrencies by unknowingly signing a phishing signature. According to the investigation firm, over 9,100 victims lost about $63 million to crypto phishing scams in August alone.
Losses from phishing attacks have increased by 215% in one year. One victim lost $55 million in Dai (DAI) in a phishing attack. Although the total number of victims decreased compared to 2023, the amount stolen has significantly increased.
In July, blockchain security firm SlowMist alerted against a large-scale phishing attack on the Telegram-linked blockchain platform The Open Network (TON). SlowMist founder Yu Xian noted that the Telegram ecosystem is particularly vulnerable to phishing links spread through message groups, airdrops, and other deceptive methods. These risks are higher for users with anonymous numbers, which are used to create Telegram accounts not tied to SIM cards.