Don’t run out of gas: How fake refunds are draining cryptocurrency wallets

Friday, 27 June 2025: Kaspersky has detected new fraudulent websites targeting Ethereum users with false promises of crypto transaction fee (also known as gas fee) refunds. These fraudulent platforms trick users into sharing sensitive information, such as private keys, wallet credentials, or personal data, leading to theft of funds and identities. As Ethereum transaction volumes increase, so do the associated gas fees, creating an opportunity for cybercriminals to prey on users seeking cost relief.

Gas fees are the costs associated with processing transactions or executing smart contracts on the Ethereum blockchain. These fees, paid in Ethereum’s native cryptocurrency (ETH), compensate miners or validators for the computational resources required to maintain the network’s security and efficiency. The word “gas” is used because transaction fees measure the computational work required to process transactions or smart contracts, like fuel powering a vehicle.

Fraudsters send phishing emails inviting crypto users to claim compensation for their transaction fees. When users click on the link in the email, they are directed to websites set up by the attackers. Users are prompted to connect their wallets to get the refund. Afterwards the scammers use the wallet credentials to drain funds. Kaspersky has identified dozens of fraudulent websites.

Fraudulent websites may also misuse WalletConnect, an open-source protocol that allows users to securely connect their cryptocurrency wallets to third-party applications (dApps) via QR codes for seamless interaction with blockchain services. Users are prompted to connect their wallets under the guise of gas fee compensation, tricking them into approving malicious transactions that drain funds or expose sensitive information.

A fraudulent website inviting users to connect their wallets using the WalletConnect protocol.

“Crypto scams are particularly appealing to nefarious agents who exploit the rapid conversion of cryptocurrency to fiat money, leveraging ready-to-use third-party transaction applications and obfuscation techniques to mask their activities. These fraudsters capitalise on the trust users place in protocols like WalletConnect, deceiving them into connecting wallets or sharing sensitive data under false pretenses. The decentralised nature of blockchain, while revolutionary, provides fertile ground for such scams, making vigilance and robust security measures essential for users,” commented Olga Altukhova, Senior Web Content Analyst at Kaspersky.

Kaspersky urges Ethereum users to take the following precautions:

  • Verify authenticity: always check website URLs for misspellings or unusual domains. Official platforms will not request private keys or wallet seed phrases.
  • Use trusted sources: only engage with services recommended by reputable crypto communities or verified platforms.
  • Enable Multi-Factor Authentication (MFA): secure your wallets and accounts with MFA to add an extra layer of protection.
  • Leverage a proven and tested security solution, like Kaspersky Premium, to detect and block malicious websites in real time.