$4 million stolen through crypto phishing URLs

Data from Google Ads combined with blockchain analysis reveals that over $4 million has been stolen from users who fell for malicious phishing sites promoted on Google.

According to Web3 anti-scam service provider ScamSniffer, malicious ads for phishing websites have been prevalent on Google’s ad search in recent weeks. The URLs lead to fraudulent websites that ask for wallet login signature requests that compromise users’ addresses.

A number of decentralized finance (DeFi) protocols, websites and brands, including Zapper.fi, Lido, Stargate, Defillama, Orbiter Finance and Radiant, have been targeted by fraudsters. Small changes in official URLs make it difficult for users to identify that they have clicked on malicious links.

Analysis of metadata from a number of the phishing sites in question has been linked to advertisers in Ukraine and Canada. The users responsible for placing the malicious ads use a variety of methods to bypass Google’s ad review process. This includes manipulating the Google Click ID parameter, which allows the attackers to display a normal web page during Google’s ad review.

Related: Crypto-phishing attacks up 40% in one year: Kaspersky

Other malicious ads use anti-debugging methods to redirect users with developer tools enabled to a regular website, while a direct click takes users to the malicious website. This also allows fraudsters to bypass some of Google Ads’ machine reviews.

On-chain data analysis from addresses associated with malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users in the past month.

The anti-fraud service tracked on-chain money flows to various exchanges and mingling services, including SimpleSwap, Tornado Cash, KuCoin and Binance.

Using ad analytics platforms, ScamSniffer suggests that the cost of promoting crypto-related phishing sites is lucrative. The average cost per click for affiliate keywords is between $1 and $2.

Estimating a 40% conversion rate from 7,500 users clicking on malicious ads, fraudsters have spent around $15,000 on advertising which has yielded a 276% return on their malicious investment, given the $4 million stolen to date date.

A report by Russian cybersecurity and antivirus provider Kaspersky highlighted an increase in crypto-related phishing attacks through 2022, up 40% year-on-year with over 5 million phishing attacks identified last year.

Magazine: US law enforcement agencies turn up the heat on crypto-related crime