
KEY POINTS

  • The spoof Etherscan website, which features a smart contract approval checker, actually contains a wallet drainer
  • The spoof Blockworks website shows a fake breaking news report and entices users to use a fake Etherscan site to bypass approvals
  • The fake news article was shared on multiple crypto-themed subreddits by compromised accounts

Malicious actors have created spoof websites of crypto media outlet Blockworks and Ethereum blockchain scanner Etherscan as a new way to steal crypto from unwary victims.

The spoof Blockworks website shows a fake breaking news report of a multimillion-dollar approvals exploit on Uniswap, a decentralized crypto exchange platform, and entices users to a fake Etherscan website to bypass approvals.

The fake news article was shared on multiple crypto-themed subreddits by compromised accounts.

"Warning: Uniswap Approvals exploit ongoing; so far over $37m of user wallets have been drained. Anyone who has used Uniswap to trade MKR or any other cryptos within past 8 months are at risk," the Reddit post read, with a link to the Blockworks article.

The fake Etherscan site, which features a smart contract approval checker, actually contains a wallet drainer. The website, approvalscan.io, was just registered Wednesday and the spoof Blockworks site was created a day later.

But, it looks like they were not the only spoof sites malicious actors created.

On Wednesday, real-time web3 anti-scam platform Scam Sniffer reported that scammers had also run a wallet drainer by spoofing the website of another crypto news outlet, Decrypt. It later clarified that the actors behind this scam and the Blockworks one were different.

Website spoofing is one of the many methods used by malicious actors. They create a website that misleads readers into thinking they are accessing a legitimate site. The site is actually created by someone else and has no relation to the legitimate organization.

Most often, spoof websites adopt the target website's design and in some cases, even have the same URL.

"Website spoofing takes advantage of naivete, fooling everyday users who think they are interacting with brands they know and trust. Because of this trust, users are less likely to take a second look at the website's URL," said Israel Mazin, CEO of real-time website spoofing protection platform MemcyCo.

Website spoofing has increased over the years. Data compiled by BrandShield, a supplier of brand protection technology services, reveals that some of the biggest retail banks in the U.K. are spoofed by fraudsters and cybercriminals. There were more than 1,590 illegitimate web domains impersonating some of the U.K.'s largest providers of consumer banking services – Barclays, HSBC and Lloyds.

Last month, billionaire businessman Mark Cuban was a victim of a phishing scam that targeted his hot wallet, which was drained of almost $900,000. It could have gotten worse had he not prevented a $2.5 million loss by making a decisive move.

"I'm pretty sure I downloaded a version of MetaMask with some s**t in it," the 65-year-old, who was one of the main "sharks" on the reality show "Shark Tank," told DL News. "MetaMask crashed a couple of times. I just stopped. Then you [DL News] emailed me. So I locked my NFTs on OpenSea. Transferred all my Polygon in the account."