
Unidentified attackers ran phishing ads impersonating cryptocurrency projects in Google search and used them to steal $4.16 million. The campaign was noticed by a Twitter user under the nickname Scam Sniffer.
1/ 🚨 A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites. #PhishingScams #GoogleAds pic.twitter.com/vuKCgSuFnV — Scam Sniffer (@realScamSniffer) April 27, 2023
According to Scam Sniffer, the attackers disguise malicious links as the legitimate sites of various projects such as Lido, DefiLlama, Zapper, Stargate, Orbiter Finance and Radiant.
2/ 🕵️‍♂️ Investigation into the keywords used by victims has uncovered numerous malicious ads at the forefront of search results.
Most users, unaware of the deceptive nature of search ads, click on the first available option, leading them to malicious websites. #Cybersecurity pic.twitter.com/kKtomcn3SB — Scam Sniffer (@realScamSniffer) April 27, 2023
After the user clicks the link, the site asks them to sign a message with their wallet, supposedly for authorization. In reality, the signature gives the attackers access to the user’s funds.

“Many wallets do not have a clear risk warning for this type of signature. Users may think that this is a common [procedure] to log in and sign it,” explains Scam Sniffer.
Analysts managed to identify the advertisers: ROMUS-POLIGRAPH LLC (Ukraine) and TRACY ANN MCLEISH (Canada). The total value of the ads they placed is approximately $15,000.
The attackers were active last month. At the time of writing, almost 3,200 users had fallen victim to the fraudulent sites, and the damage amounted to $4.16 million.
Part of the funds received from the largest addresses was sent to SimpleSwap and the Tornado Cash mixer. Direct transfers to KuCoin, Binance and other exchanges have also been recorded.
According to Scam Sniffer, the attackers were able to bypass Google’s ad verification by using differences in domain name settings and preventing page cache debugging.
Back in October 2022, Binance CEO Changpeng Zhao reported that Google search results were promoting phishing sites aimed at cryptocurrency users.
Recall that in February, hackers stole $300,000 through a phishing site of a well-known Ethereum conference.