Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Phishing scammers have been spreading fake news of a $37-million Uniswap exploit using a convincing fake Blockworks website.
Phishing scammers have cloned the websites of crypto media outlet Blockworks and Ethereum blockchain scanner Etherscan to trick unsuspecting readers into connecting their wallets to a crypto drainer.
A fake Blockworks site displayed a fake “BREAKING” news report of a supposed multimillion-dollar “approvals exploit” on the decentralized exchange Uniswap and encouraged users to visit a fake Etherscan website to rescind approvals.
The fake Uniswap news article was posted on Reddit across several popular crypto-related subreddits by seemingly compromised Reddit accounts.
The fake Blockworks website (left) shows a fake breaking news story of a Uniswap exploit compared to the legitimate website (right).
The fake Etherscan website, which displays a purported token and smart contract approval checker, instead contains a wallet drainer.
Blockchain security firm Beosin reviewed the drainer’s smart contract and told Cointelegraph the attacker hopes to drain wallets with at least 0.1 Ether (ETH), worth $180. However, the drainer is incorrectly set up, as “there is no phishing transaction prompted after a wallet is connected.”
The phishing website (left) compared to the legitimate Etherscan website (right).
Related: 85% of crypto rug pulls in Q3 didn’t report audits: Hacken
An age check of the domains shows the fake Etherscan site, approvalscan.io, was registered on Oct. 25, and the fake Blockworks site, blockworks.media, was registered a day later.
In an Oct. 25 X (Twitter) post, Web3 anti-scam platform Scam Sniffer showed that scammers had deployed a wallet drainer on a website cloning the crypto news outlet Decrypt.
the victim signed Uniswap Permit2 malicious phishing signatures like this pic.twitter.com/NcXIotokwL
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 26, 2023
Scam Sniffer told Cointelegraph that the faked Blockworks and Decrypt sites are, however, run by different scammers.
Magazine: Ethereum restaking — Blockchain innovation or dangerous house of cards?
Update (Oct. 27, 1:30 am UTC): This article has been updated with further information and comments from Beosin and Scam Sniffer.
Publication date
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.