According to Google Ads data and blockchain analytics, at least $4.16 million has been stolen from users who fell for malicious cryptocurrency phishing websites promoted on Google. Scam Sniffer, a Web3 anti-scam platform, published on its blog a report on Google searches, which suffered from cryptocurrency phishing and resulted in losses for more than 3,000 victims, most of which occurred in the last month.
Investigations by Scam Sniffer revealed that users clicked on malicious ads and were directed to fraudulent websites. Most of the so-called malicious ads come from Ukraine and Canada, including fake versions of popular platforms such as Lido, Defiliama, Zapper, and some other decentralized exchanges and websites.
1/ 🚨 A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.#PhishingScams #GoogleAds pic.twitter.com/vuKCgSuFnV
— Scam Sniffer (@realScamSniffer) April 27, 2023
Slight changes to the official URLs of these popular platforms make it difficult for users to identify that they have clicked on malicious links.
Analysis of several relatively large fund collection addresses showed that some of the victims’ assets were deposited into SimpleSwap or the crypto-mixing platform Tornado.Cash, while some went directly to centralized exchanges like KuCoin and Binance.
Scammers employ several tricks to circumvent Google Ads rules
The users responsible for placing the malicious ads use several methods to bypass Google’s ad review process, tricking the review of Google ads, resulting in these advertisements being finally seen by users and causing serious loss. One of these methods involves manipulating the Google Click ID parameter, allowing attackers to show a normal webpage during Google’s ad review.
Additionally, based on an estimated 40% conversion rate from 7,500 users clicking on the malicious ads, the scammers spent about $15,000 to advertise the websites. The scammers’ return on investment has been roughly 276% since more than $4 million was stolen.
Scams and fraud continue to be rampant in the crypto space, and phishing attacks are a significant threat to users’ funds. Meanwhile, phishing is one of the most common methods scammers employ to steal cryptocurrency from users. With over $3.7 billion in thefts in 2022, the crypto space, and particularly DeFi, continues to be one of the hackers’ preferred playgrounds.
Therefore, users should be cautious when clicking on links, particularly those that appear in Google Ads or other search engines. It is essential to verify the authenticity of any sites that request sensitive information and to use only trusted platforms and exchanges.