A new report reveals that scammers stole over $3 million in cryptocurrency from victims this holiday season using fake crypto websites promoted through Google Ads.
The scammers created fraudulent versions of popular crypto platforms like Zapper, Lido, and DefiLlama and used Google’s advertising system to direct victims to their fake sites.
another victim lost $653K worth of WBTC, USDC, and WETH to phishing scams about 12 minutes ago.https://t.co/h7BujlL4Sb https://t.co/dsj0mE7Px4 pic.twitter.com/a3GhHEUGot
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 26, 2023
Once on the phony websites, victims were tricked into approving malicious transactions that drained their crypto wallets into the scammers’ accounts.
This scheme, known as a wallet draining scam, takes advantage of the token approval process on blockchains like Ethereum. The scammers used a service called MS Drainer to automate and enforce the unauthorized withdrawals.
According to blockchain security firm Scam Sniffer’s report on December 21, the scammers evaded Google’s ad screening practices by using regional targeting and frequently switching landing pages.
This allowed their ads to slip past Google’s auditing systems designed to detect phishing scams.
The report identified over 10,000 fraudulent sites connected to the MS Drainer service, with activity peaking in November.
In total, MS Drainer has siphoned nearly $60 million in crypto from over 63,000 victims since March 2023.
The service was marketed on hacking forums for a flat fee of $1,499, allowing anyone willing to pay to launch their own wallet-draining scam. Additional features could be unlocked for $699 to $999.
The developer of MS Drainer pioneered an unusual sales model compared to other wallet
Read more on cryptonews.com