Monthly report attached - April 2023


Bad sites detected and shared with vendors for removal: 14


UrlScan IoCs
Balancer


Search Balancer (1996 hits in 30 files of 30 searched)

Search "(app-balancer|balancer-app|bolancer|balancer|balahcer|bqlancer|baIancer|balencer|baiencer|balancer-fi|balancer-fl|baiancer-fi|balencer-fi)" (1996 hits in 30 files of 30 searched)



As balancer is a common word and "Load Balancer" is often registered and present in subdomains alike, there is a lot to filter though, but the real number of scams is fairly low, about a dozen from almost 2000


Sneak Peek in my abuse inbox

Metamask, airdrop, walletconnect, etc:

Search "walletconnect" (13 hits in 8 files of 30 searched)
Search "trustwallet" (38 hits in 15 files of 30 searched)
Search "sushiswap" (47 hits in 16 files of 30 searched)
Search "pancakeswap" (159 hits in 28 files of 30 searched)
Search "metamask" (644 hits in 30 files of 30 searched)
Search "elonmusk" (305 hits in 30 files of 30 searched)
Search "coinbase" (2012 hits in 30 files of 30 searched)
Search "airdrop" (458 hits in 30 files of 30 searched)

jaw drop clip art - Clip Art LibraryTotal potential bad hits for the month ~44K

Search "(usdc|claim|coinbase|colnbase|c0inbase|c0lnbase|cornbase|coirbase|balancer|balahcer|bqlancer|baIancer|[a-zA-Z]*1inch[a-zA-Z]*|[a-zA-Z]*1inch-[a-zA-Z]|[a-zA-Z]*oneinch[a-zA-Z]*|a-zA-Z]*1-inch[a-zA-Z]*|a-zA-Z]*1-inch[a-zA-Z]*|[a-zA-Z]*1inch[a-zA-Z]*|[a-zA-Z]*pancakesw[a-zA-Z]*|[a-zA-Z]*pancakesv[a-zA-Z]*|[a-zA-Z]*pancokesv[a-zA-Z]*|[a-zA-Z]*pancokesw[a-zA-Z]*|[a-zA-Z]*pancakosw[a-zA-Z]*|[a-zA-Z]*pancakkesw[a-zA-Z]*|[a-zA-Z]*pancake5[a-zA-Z]*|[a-zA-Z]*uniswap[a-zA-Z]*|[a-zA-Z]*uniswap-[a-zA-Z]|[a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*uni-[a-zA-Z]*|[a-zA-Z]*unisvv[a-zA-Z]*|unlswap"|[a-zA-Z]*uniswap[a-zA-Z]*|[a-zA-Z]*uniswap-[a-zA-Z]|[a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*uni-[a-zA-Z]*|[a-zA-Z]*pancakesw[a-zA-Z]*|[a-zA-Z]*pancakesv[a-zA-Z]*|[a-zA-Z]*pancokesv[a-zA-Z]*|[a-zA-Z]*pancokesw[a-zA-Z]*|[a-zA-Z]*pancakosw[a-zA-Z]*|[a-zA-Z]*pancakkesw[a-zA-Z]*|[a-zA-Z]*uniswap[a-zA-Z]*|[a-zA-Z]*uniswap-[a-zA-Z]|[a-zA-Z]*unisvap[a-zA-Z]*|dapp|wallets|wallect|synchr|rectify|unlock|walet|1inch|airdrop|ethereum|walet|wallet|coinbase|uniswap|pancakeswap|liquidity|vvallet|metamask|metamaks|metemask|metamaks|paraswap|exchange|liquidity|kraken|bitso|dapp|sushiswap|sushlswap|sushisvv|opensea|polygon|walletconnect|waletconect|waiietconnect)" (44662 hits in 30 files of 30 searched)


Multiple offenders exposed and banned in Discord







Warnings issued Discord

Fake exploit
"IMPORTANT: AN EXPLOIT HAS BEEN DETECTED AND IS BEING MITIGATED BY OUR SECURITY TEAM, WE URGE ALL HOLDER AND SHAREHOLDERS TO SECURE THEIR ASSETS TO AVOID ANY FURTHER DAMAGE. "
i also made a blog post about it - so of anybody searches for this text in google they may find my warning https://spamreports.report/post/715835843550511104/scam-balancer




Fake Bals & Fake mint




419 scam


Fake apps Google play store taken down - just 1 this month

Just one crypto specific, others are mobile trojans that could steal your assets as well if a malicious actors takes control over a Mobile device.


18 GH pull requests (dot and metamask anti-phish repos) in April


https://github.com/dubstard



MetaMask/eth-phishing-detect Block 16 recent scam URLs 
#12426 by dubstard was merged 2 days ago Approved
 2
MetaMask/eth-phishing-detect Block some recent scams 
#12423 by dubstard was closed 2 days ago Review required
 1
MetaMask/eth-phishing-detect block scams targeting Balancer finance 
#12420 by dubstard was merged 2 days ago Approved
 2
MetaMask/eth-phishing-detect block scams targeting Ledger and Trezor 
#12407 by dubstard was merged 3 days ago Approved
 2
MetaMask/eth-phishing-detect remove FP discord-layerzero.netlify.app 
#12399 by dubstard was merged 4 days ago Approved
 1
MetaMask/eth-phishing-detect 1inch, Uniswap, Ledger, Trezor, Metamask, Airdrops 
#12396 by dubstard was closed 4 days ago Review required
MetaMask/eth-phishing-detect Block Fake 1inch, Uniswap, Ledger, Trezor, Metamask, Airdrops 
#12395 by dubstard was closed 4 days ago Review required
 1
MetaMask/eth-phishing-detect Block fake Trezor, Ledger, Metamask, Uniswap 
#12393 by dubstard was closed 5 days ago Review required
 1
MetaMask/eth-phishing-detect Block 151 scam URLs 
#12382 by dubstard was merged 5 days ago Approved
 1
MetaMask/eth-phishing-detect Block some scams 
#12381 by dubstard was closed last week Review required
 1
MetaMask/eth-phishing-detect Block some scams 
#12374 by dubstard was merged last week Approved
 2
MetaMask/eth-phishing-detect Block some scams 
#12373 by dubstard was closed last week Review required
 1
MetaMask/eth-phishing-detect Block some scams 
#12372 by dubstard was closed last week Review required
 2
MetaMask/eth-phishing-detect Block some scams 
#12368 by dubstard was closed last week Review required
 1
MetaMask/eth-phishing-detect Block scams imitating 1inch 
#12366 by dubstard was merged last week Approved
 1
MetaMask/eth-phishing-detect Block imitations of 1inch 
#12360 by dubstard was closed last week Review required
 1
MetaMask/eth-phishing-detect Block imitations of 1inch 
#12359 by dubstard was closed last week Review required
 1
polkadot-js/phishing Block 6 scam URLs 
#3284 by dubstard was merged last week Approved
 1
MetaMask/eth-phishing-detect Block scams targeting Balancer and Consensys 
#12356 by dubstard was merged last week Approved
 1
polkadot-js/phishing Block consensys.financial and meta-mask-official.com 
#3282 by dubstard was merged last week Approved
 2
polkadot-js/phishing block polkasttarters-ido.com 
#3278 by dubstard was merged last week Approved
 1
MetaMask/eth-phishing-detect Block 106 Scam URLs 
 blocklist requestIssue or PR requesting to addition to the blocklist
#12302 by dubstard was merged last week Approved
@deshvin@AlexHerman1
 3
MetaMask/eth-phishing-detect Block 115 scam URLs 
#12292 by dubstard was closed 3 weeks ago Review required
 1
MetaMask/eth-phishing-detect Block 60 scam URLs 
#12266 by dubstard was closed 3 weeks ago Review required

 1
MetaMask/eth-phishing-detect Block 61 scam URLs 
#12265 by dubstard was closed 3 weeks ago Review required


MetaMask/eth-phishing-detect Block 73 scam URLs 
#12237 by dubstard was merged 3 weeks ago Approved