Crypto fraudsters used Google search ads to steal $4 million: Report
Fraudsters have stolen over $4 million in crypto funds from users using fraudulent websites they promoted through Google search ads, ScamSniffer reported Thursday. Based on the number of affected users and the amount of money they spent promoting their malicious ads, the scammers’ return on investment (ROI) was 276% in the last month.
How did scammers trick users?
According to Web3 anti-scam solution ScamSniffer, users have lost over $4 million after falling victim to crypto phishing websites marketed through Google.
In a Twitter thread published on Thursday, ScamSniffer revealed that a large number of malicious ad links to phishing sites had appeared in Google search ads. These links lead users to fake websites that ask them to enter their login signature information, thereby compromising their wallet addresses. The crypto projects these ads most often target include popular decentralized finance (DeFi) protocols and brands such as Zapper.fi, Lido, Stargate, Defillama, and Radiant, among others.
“When you open a malicious ad from Zapper, you can see that it is trying to authorize my $SUDO using a Permit signature. Currently, many wallets do not have clear risk warnings for this type of signature, and common users may believe that is a common login signature and sign it without thinking twice.”
– said ScamSniffer in the official post.
ScamSniffer says scammers have used several techniques to bypass Google’s ad review process. These include anti-debugging techniques, parameter splitting, and methods to manipulate the Google Click ID parameter, allowing fraudsters to display a normal web page during Google’s ad review process.
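The quote above notes that many wallets give no clear warning for Permit signatures. The following added example (not ScamSniffer's or any wallet's code) shows the kind of pre-signing check a wallet or browser extension could run on an EIP-712 request; the warning labels, the 30-day threshold, the `knownSpenders` allowlist and the sample addresses are assumptions made for illustration.

```javascript
// Added example: flag EIP-712 signing requests that grant a token allowance
// rather than prove a login. Covers EIP-2612 Permit, DAI-style Permit and
// Permit2 (PermitSingle / PermitBatch).
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160
const APPROVAL_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch"]);
const LONG_VALIDITY_SECONDS = 30n * 24n * 3600n; // assumption: 30 days counts as long

function assessTypedData(request, nowSeconds, knownSpenders = new Set()) {
  const data = typeof request === "string" ? JSON.parse(request) : request;
  if (!APPROVAL_TYPES.has(data.primaryType)) return { isApproval: false, warnings: [] };
  const msg = data.message || {};
  const spender = String(msg.spender || "").toLowerCase();
  const warnings = ["token-approval: signing lets the spender move your tokens"];
  // knownSpenders is a hypothetical allowlist of lowercase contract addresses.
  if (!knownSpenders.has(spender)) warnings.push("unknown-spender: " + spender);
  // EIP-2612 uses `value`; DAI-style permits use `allowed`; Permit2 nests
  // `amount` under `details` (an array for PermitBatch).
  const grants = [].concat(msg.details || [msg]);
  const unlimited = grants.some((g) => {
    const amount = g.allowed === true ? MAX_UINT256 : BigInt(g.value ?? g.amount ?? 0);
    return amount === MAX_UINT256 || amount === MAX_UINT160;
  });
  if (unlimited) warnings.push("unlimited-allowance");
  const deadline = msg.deadline ?? msg.sigDeadline;
  if (deadline !== undefined &&
      BigInt(deadline) - BigInt(nowSeconds) > LONG_VALIDITY_SECONDS) {
    warnings.push("long-validity");
  }
  return { isApproval: true, warnings };
}

// Constructed sample requests; addresses and names are placeholders and the
// EIP-712 `types` section is omitted because the check does not read it.
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x3333333333333333333333333333333333333333",
             spender: "0x2222222222222222222222222222222222222222",
             value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800" },
};
const SAMPLE_LOGIN = { primaryType: "Login", domain: { name: "ExampleApp" },
                       message: { statement: "Sign in", nonce: "abc123" } };

console.log(assessTypedData(SAMPLE_PERMIT, 1700000000));
console.log(assessTypedData(SAMPLE_LOGIN, 1700000000));
```

A wallet would surface these warnings in the signing prompt, so an allowance request cannot pass for a routine login signature.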
Scammers’ return on investment is 276%
Data analysis of addresses linked to fake websites advertised by fraudsters shows that around $4.16 million has been stolen from users in the past month. More than 3,000 users have been affected by the scams, according to ScamSniffer.
Based on an approximate 40% conversion rate from 7,500 users who click on the malicious ads, the scammers' ad spend amounts to around $15,000. Since over $4 million was stolen, the fraudsters’ ROI has been around 276%.
Phishing attacks have been one of the popular techniques scammers use to steal crypto funds from users. The crypto space, especially DeFi, remains one of hackers’ favorite playgrounds, with over $3.7 billion stolen in 2022.
About the author
Tim Fries is the co-founder of The Tokenist. He has a B. Sc. in mechanical engineering from the University of Michigan, and an MBA from the University of Chicago Booth School of Business. Tim served as a Senior Associate in the investment team at RW Baird’s US Private Equity division and is also a co-founder of Protective Technologies Capital, an investment firm specializing in sensing, protection and control solutions.