Fake Crypto Websites on Google Ads Drain $3 Million in Christmas Phishing Scam

Google has now removed over 800 of these fraudulent ads from its platform, but warns that more could be out there.

A new report has revealed that scammers stole over $3 million in cryptocurrency from victims this holiday season using fake crypto websites promoted through Google Ads.

The scammers created fraudulent versions of popular crypto platforms like Zapper, Lido, and DefiLlama and used Google’s advertising system to direct victims to their fake sites.

Once on the phony websites, victims were tricked into approving malicious transactions that drained their crypto wallets into the scammers’ accounts.

According to blockchain security firm Scam Sniffer’s report on December 21, the scammers have been using regional targeting and frequently switching landing pages to evade Google’s ad screening practices and slip past their auditing systems designed to detect phishing scams.

The report identified over 10,000 fraudulent sites connected to the MS Drainer service, with activity peaking in November.

MS Drainer Service Enables Widespread Crypto Scams Through Google Ads

For a price of $1,499, anyone could launch their own wallet-draining scam. Additional features could be unlocked for $699 to $999.

This allowed more people to get involved in this type of crime, resulting in over 63,000 victims since March 2023.

Rampant Threats in Decentralized Finance Require Heightened Vigilance

Now, yet another scam has reared its head, this time involving Google Ads.

Crypto Phishing Scam!

Just last month, the Inferno draining tool was retired after allegedly stealing over $80 million in crypto funds.

Earlier in March, the Monkey Drainer service likewise bowed out after siphoning an estimated $13 million.

Now, a new scam has emerged, this time involving Google Ads.

As cryptocurrency adoption grows, hackers are becoming more sophisticated in their techniques, involving social engineering and technical exploits.

Investors must remain vigilant against phishing and only utilize trusted platforms to manage their cryptocurrencies.

It is also the responsibility of digital advertising leaders like Google to enhance security measures that better detect and combat crypto scams at scale.

About Cybercriminals

Once users had entered their login credentials, the attackers would drain the funds from the victim’s account.

In some cases, the attackers even managed to steal the private keys of victims, giving them unrestricted access to their funds.

Ongoing Concerns and Preventive Measures

Google Ads’ security teams have been repeatedly alerted to the promotion of malicious sites, but the problem persists.

This ongoing issue highlights a significant gap in current digital advertising safeguards and the urgent need for enhanced security protocols.

Cryptocurrency users are urged to exercise increased caution in light of these developments. Verifying the authenticity of websites and the legitimacy of transaction requests is crucial in safeguarding digital assets against such phishing scams.

Advertisements to Lookout and Beware of

Google and X (formerly Twitter) are being warned about the increasing number of malicious crypto ads.

In April this year, ScamSniffer, a cyber security service released a report that crypto investors have lost up to $4 million (roughly 37,847 Pounds) by engaging with hoax links, sprawled all over the web. This information was extracted from analysing Google Ads data.

Leave a Comment