Crypto Phishers Lift $4 Million From Unsuspecting Users’ Pockets Using Google Ads

Summary:

• Ad data and on-chain analytics show that crypto phishers use websites promoted on Google to steal value for unsuspecting users.
• A report from analytics firm ScamSniffer said over $4 million has been stolen from more than 3000 victims, with phishing URLs more rampant in recent weeks from advertisers in Canada and Ukraine.
• The firm followed the money to wallets on trading venues like Binance and Kucoin.
• These scammers also leverage crypto tumblers like sanctioned Ethereum-based service Tornado Cash.

Crypto criminals have stolen over $4 million in crypto funds from users that have fallen victim to phishing sites promoted through Google ads following a recent surge in crypto phishing efforts.

The metadata analysis of the phishing websites in question has been linked to advertisers in Ukraine and Canada. Also, more than 3000 users have been targeted by these crypto phishers, a report from on-chain analytics outfit ScamSniffer said on Thursday.

1/ 🚨 A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.#PhishingScams #GoogleAds pic.twitter.com/vuKCgSuFnV

— Scam Sniffer (@realScamSniffer) April 27, 2023

These scammers use various techniques like manipulating Google click ID parameters, allowing the attackers to show a normal webpage during Google’s standard ad review. The crypto phishers also leverage anti-debugging techniques which redirect users with developer tools to a normal website, enabling the scammers to bypass user security and system firewalls.

ScamSniffer’s report noted that crypto phishers are able to access sensitive user information with these phishing links and use these credentials to compromise digital wallets.

Crypto Phishers Make A Killing From Scamming DeFi Users

Google keyword data showed that scammers have targetted users interested in DeFi protocols and services like DeFi Llama, Lido Finance, Orbiter Finance, Radiant, and Zapper to name a few. These keywords topped the search list for malicious ads.

The cost of promoting crypto-related phishing websites is lucrative since the average cost per click for associated keywords is between $1 to $2, ScamSniffer’s report said. Crypto phishers made more than 260% in ROI while spending as much as $15,000 promoting these phishing links.

4/ 🛡️ Malicious ads employ several techniques to bypass Google's ad review process, including parameter distinction and debugging prevention.
These tactics allow them to deceive Google's ad review process and cause significant harm to users. #AdReview #Bypass pic.twitter.com/Mkpz2Uqeue

— Scam Sniffer (@realScamSniffer) April 27, 2023

Web 2 Platforms Leveraged For Web 3 Theft

This is not the first time crypto criminals have used Web 2 tools and services to steal funds from Web 3 users. In 2020, crypto phishers hijacked the Twitter accounts of several prominent personalities including Elon Musk, the billionaire who now owns the popular bird arm.

Verified accounts like Musk’s tweeted out phishing links asking users to claim free crypto tokens. Reports said that users lost unconfirmed amounts in Bitcoin (BTC).

Last month, the Twitter account of Circle CSO Dante Disparte published a phishing link with a fake USDC airdrop. The case highlighted again, how cybercriminals use Web 2 platforms to perpetrate Web 3 theft.