Thank you @denmarkguy and @prydefoltz for the initial report on-chain.
(ie. "!PHISHING https://shortened-link-here")
The attacker (as usual) tried first on an account previously compromised in a past phishing wave but got my auto-reply. Therefore shortly after they switched to another compromised account that was not blacklisted (because not used to spam phishing links before).
After the report of phishing was sent in a comment, @keys-defender automatically started a parallel rescan of previous blocks in order to counteract the attack.
As usual, I'll spam their DB with thousands of fake credentials and keep you updated on this post as this attack evolves.
Take care,
@keys-defender
All seems quiet. The attacker didn't even try to use a different url shortener or change the endpoint that they use to submit the stolen credentials.
Are they finally getting tired of playing this game because they are not being successful anymore?