A blockchain analytic platform revealed that over $4 million worth of crypto tokens were stolen from unsuspecting users who were victims of phishing sites promoted via Google Ads. ScamSniffer noted that malicious adverts from phishing websites have increased in most Google Ads search queries in recent weeks.
Increase In Malicious URLs
According to ScamSniffer, a blockchain security analytic firm, malicious promotions in Google searches have increased in recent weeks. The platform explained that the URLs on the search engine led to fraudulent sites tricking users into authorizing wallet login requests, compromising their crypto wallet addresses. Furthermore, several decentralized finances (DeFi) protocols, like Lido, DefiLlama, and Zapper.fi, have been targeted by malicious entities.
The blockchain security firm disclosed that a slight change to a brand’s URL makes it difficult for users to know they have clicked on a link to a malicious site. An assessment of the metadata of the phishing websites shows that most of these advertisers are from Canada and Ukraine.
In addition, the users who placed the malicious links deployed various strategies to bypass Google ad approval processes. Some of their plans include altering the Google Click ID parameter allowing the advertisers to show a regular webpage for the Google ad review process.
Moreover, the attackers often use an anti-debugging method that redirects users to the original website. By integrating a developer tool, the site will then direct users to the malicious website through a direct click.
With this method, scammers can easily sidestep Google ads review mechanisms. ScamSniffer estimates that $4.16 million must have been stolen from more than 3,000 crypto users in the past month based on on-chain data analysis from the websites linked to the malicious addresses.
The anti-scam platform traced the on-chain movement of funds to various crypto exchanges and asset-mixing services like Binance, KuCoin, Tornado Cash, and SimpleSwap.
A Lucrative Venture
According to ScamSniffer, the cost of advertising crypto-related phishing addresses is high. It added that the average cost per click for related keywords on the search engine ranges from $1 to $2.
With an estimated conversion rate of 40% from about 7,500 users clicking on malicious ads, the attackers spend roughly $15,000 on advertising which in most cases brings a return of investments of almost 270% considering the over $4 million stolen.
The Russian cyber security company Kaspersky recently stated that there had been a 40% year-on-year increase in cases of crypto-related phishing attacks throughout last year. According to Kaspersky, over 5 million phishing attacks occurred in 2022 alone.
In another development, regulatory agencies in the United States are deepening their efforts in the crackdown on crypto-related crimes. With the high-profile arrests of Anatoly Legkodymov, CEO of Bitzlato, and recently Sam Bankman-Fried, former CEO of crypto exchange FTX, the US government is in an all-out war against crimes in the digital asset industry.
The Department of Justice (DoJ) is at the forefront of the fight against crypto crimes with a series of operations to trace and investigate cases of illegal financial activities involving individuals and companies (including crypto players) in the United States. Meanwhile, the DoJ is interested in tackling fraud cases, ransomware attacks, and other digital extortion schemes.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.
