Users of the Terra network and its numerous DeFi platforms have been the target of a phishing attack being perpetrated using fake Google ads
The malicious ads are the first thing that pops up when users do a Google search on ‘Terra’
Over $4.31 million has been lost in the phishing attack
The funds were lost between April 12th and the 21st and transferred to a single address from 52 different transactions
Crypto users of the Terra (LUNA) network and its numerous DeFi protocols such as Anchor, Nexus, and Astroport, have become the target of a new phishing attack perpetrated using fake Google ads.
The phishing attack was identified and highlighted by the team at Slowmist, who also explained that numerous users of Terra lost close to $4.31 million in assets between the 12th and 21st of this month. Furthermore, the funds were transferred to a single address from 52 different transactions.
According to the SlowMist intelligence zone, numerous users on the Terra network had their funds stolen recently.
From 4/12 to 4/21, close to $4.31 million in assets were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x3 from about 52 different addresses.
The Malicious Terra Ads Look like Legitimate Google Ads
The team at SlowMist has analyzed the phishing attack and concluded that it stems from Google ads that pop up at the top of searches by users looking to find Terra, Anchor Protocol or Astroport Finance. The SlowMist team shared the following screenshot to further demonstrate their findings.
The Fake Google Ads Will Prompt You to Connect to Your Terra Wallet
According to the team at Slowmist, the Google ads have links that look very normal. However, they redirect to a different domain that prompts users to connect their Terra wallets once clicked. They explained the sequence of events as follows:
These may look like normal ads and some even show the same domain names, but once you click on the link, the domain name actually changes. When clicked, it’ll prompt you to connect your wallet, however instead of connecting, users are asked to input their seed phrase.
The team at SlowMist recommends that users on Terra be extra cautious and avoid clicking on questionable links with questionable origins.