Privacy-focused Google search competitor DuckDuckGo has been displaying phishing websites when searching for “Etherscan,” a popular Ethereum block explorer and analytics platform. The error poses significant financial risks to cryptocurrency investors.
On Sept. 11, Web3 anti-scam firm Scam Sniffer alerted DuckDuckGo users against an ongoing phishing attempt targeting Ether (ETH) investors.
DuckDuckGo search results show an Etherscan phishing website. Source: Scam Sniffer
Once a user clicks on any of the phishing websites imitating Etherscan, they are prompted to connect their MetaMask wallets — similar to what one would expect on the official Etherscan website.
The importance of verifying URLs before connecting crypto wallets
By unknowingly approving the connection requests, the user allows the hacker to withdraw funds from their wallet without further authorization.
Attackers also try to get fraudulent phishing websites ranked on other popular search engines, such as Google and Bing. While some may choose to trick the search algorithms to get organic ranking, others prefer to lure in victims through sponsored banner ads.
Source: Scam Sniffer
Scam Sniffer highlighted a recent incident on Sept. 10 in which a user lost over $520,000 worth of cryptocurrencies by unknowingly signing a phishing signature. According to the investigation firm, in August, over 9,100 victims lost about $63 million to crypto phishing scams.
Losses from phishing attacks increase by 215% in one year
One victim lost $55 million in Dai (DAI) in a phishing attack. Although the total number of victims decreased compared to 2023, the amount stolen increased by 215%.
Check out Cointelegraph’s guide on phishing attacks and how to prevent them.
In July, blockchain security firm SlowMist alerted against a large-scale phishing attack on the Telegram-linked blockchain platform The Open Network (TON).
According to SlowMist founder Yu Xian:
“The Telegram ecosystem is too free, and many phishing links — or bot forms — are spread through message groups, airdrops and other deceptive methods to lure away users’ TON wallets in batches.”
Xian noted that phishing risks on the Telegram messenger are higher for users with anonymous numbers, which are used to create Telegram accounts that are not tied to SIM cards.
Magazine: Proposed change could save Ethereum from L2 ‘roadmap to hell’