A $60 million crypto scam exploits Google and X ads
Over the past year, cybercriminals have used phishing schemes delivered through malicious ads on major platforms like Google and X to steal millions in cryptocurrency assets. Cybersecurity researchers from Scam Sniffer discovered that scammers employ ‘wallet drainers,’ with one prominently used in phishing ads.
In a blog post, the company says this drainer was first identified in Google search ad phishing. It was subsequently identified in a series of X phishing ads disclosed by ZachXBT. In a recent assessment of ads within X’s feeds, the company observed that almost 60% of the phishing ads employed this specific drainer.
Between March and December, Scam Sniffer tracked approximately 10,072 phishing websites. The company also analyzed on-chain data associated with their phishing addresses, revealing that they pilfered nearly $58.98 million from over 63,000 victims in the past nine months.
What is the nature of wallet drainers, and how do they spread?
A wallet drainer functions by tricking users into approving malicious transactions, ultimately siphoning assets from their cryptocurrency wallets. Typically, this occurs when users interact with deceptive links within fraudulent advertisements, essentially falling victim to phishing scams. Recent instances of phishing scams employing the wallet drainer method include a series of phishing ads on X titled “Ordinals Bubbles” and fraudulent links leading to well-known crypto platforms such as DeFiLlama and Lido.
These phishing ads have become more sophisticated, employing redirect techniques that mimic official and authentic domains: the link looks legitimate, but it redirects users to a phishing website. The blog post emphasizes, “Phishing scammers have utilized these drainers through various methods, including phishing ads, supply chain attacks, Discord phishing, Twitter spam comments and mentions, Airdrop Phishing, SimSwap attacks, DNS attacks, email phishing, etc., consistently targeting regular users with phishing attacks and resulting in significant asset losses.”
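The mismatch described above, between the domain an ad displays and the site its click chain actually ends on, can be checked from a recorded redirect chain. The following is an added example, not code from Scam Sniffer or the original article; the function names, the two-label approximation of a registrable domain, and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname without port, trailing dot or a leading 'www.'."""
    if "//" not in url:          # ads often display a bare domain with no scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host

def site_of(host):
    # Assumption: the last two labels approximate the registrable domain.
    # Production tooling should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def audit_ad(display_url, hops):
    """Compare the domain an ad displays with where its redirect chain ends."""
    shown = host_of(display_url)
    hosts = [host_of(u) for u in hops]
    landing = hosts[-1] if hosts else ""
    sites = [site_of(h) for h in hosts]
    # Number of hops that move from one site to a different one
    crossings = sum(1 for a, b in zip(sites, sites[1:]) if a != b)
    return {
        "shown": shown,
        "landing": landing,
        "mismatch": site_of(shown) != site_of(landing),
        "cross_site_hops": crossings,
        "punycode_landing": any(p.startswith("xn--") for p in landing.split(".")),
    }

# Constructed sample data (reserved .example/.test names, not real campaigns)
BENIGN = ("www.official-app.example", [
    "https://ads.tracker.test/click?id=1",
    "https://official-app.example/launch",
])
SUSPICIOUS = ("official-app.example", [
    "https://ads.tracker.test/click?id=2",
    "https://official-app.example/r?next=x",
    "https://official-app.claims-portal.test:443/connect",
])

if __name__ == "__main__":
    for shown, chain in (BENIGN, SUSPICIOUS):
        print(audit_ad(shown, chain))
```

The second sample passes through the displayed domain before landing elsewhere, which is why the check compares the final hop rather than any hop in the chain.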
What attributes make scammers prefer this wallet drainer?
Unlike other wallet drainers, this particular one does not levy a 20% fee on the scammers’ profits. Instead, the creators of this malware sell the source code for a fixed amount, providing additional value-added modules as optional extensions. The report highlights, “By targeting specific audiences through Google search terms and the X user base, they can identify specific targets and launch continuous phishing campaigns at a minimal cost.”