A Glitch or Deliberate: DuckDuckGo Presents Etherscan Phishing Website on First Page.
One victim losses over $520,000 worth of cryptocurrency assets to the attacks
Many DuckDuckGo users have seemingly fallen prey to phishing attacks targeting the search engine. A fake Etherscan site with the name “et-herscan” appeared just above the authentic Etherscan site, leading to massive cryptocurrency losses.
One particular victim lost over $520,000 worth of cryptocurrencies after unknowingly signing a phishing signature. These attacks work by luring unsuspecting cryptocurrency holders into approving connection requests to their Metamask wallets.
Unlike the authentic Etherscan site, the phishing site allows attackers to withdraw funds from victims’ wallets without further authorization. While some attackers manipulate search algorithms to achieve higher organic rankings, others use sponsored banner ads to lure victims.
Phishing Attacks on the Rise
On September 11, cryptocurrency security firm Scam Sniffer warned DuckDuckGo users about this phishing attempt. In an X post, they stated:
“🚨 Attention all DuckDuckGo users! The second result for ‘Etherscan’ is a phishing site. Your assets could be at risk from a simple mistake. Stay safe and alert! 🔍⚠️”
Google and Bing have also been targeted by phishing ads in recent months. Attackers use a crypto phishing kit called “Angel Drainer” to make their phishing sites rank high in SEO, luring victims to fake sites. Scam Sniffer noted that this same kit was previously used in a “supply chain attack on Ledger’s frontend components.”
While the total number of phishing attacks has decreased year over year, the amount of money lost has surged by 215%. This suggests that, although there are fewer attacks, the attacks have become more sophisticated and high-profile
How To Safeguard Crypto Assets from Phishing Attacks
As attackers grow more sophisticated, it is important to take crucial steps to protect one’s crypto assets. Always double-check the URL before connecting a crypto wallet. A misspelled URL is a clear and obvious sign of a phishing site.
If the rewards promised seem too good to be true, or a website guarantees “huge returns on investments,” it is most likely a scam. Many profit-seeking speculators fall victim to these traps because they fail to perform due diligence.
