Scammers have targeted DeFi users who find it difficult to identify that they have clicked on malicious links due to slight changes to the official URLs.
In the latest wave of cybercrime, cryptocurrency users have lost more than $4 million in funds to crypto criminals. Many thefts were carried out through phishing sites advertised on Google Ads.
These fraudulent websites mimicked legitimate cryptographic platforms to trick unsuspecting users into entering their login credentials, private keys, or other sensitive information. Once the criminals obtained this information, they were able to access users’ cryptocurrency wallets and steal their digital assets.
ScamSniffer, a provider of anti-fraud services for Web3, has recently reported many malicious ads from phishing websites in Google ad searches. Over the past month, scammers saw a 276% profit from their illegal activities due to the number of users affected and the money they used to promote their fraudulent ads.
These bad actors have affected various decentralized finance protocols, websites, and brands, including DefiLlama, Lido, Orbiter Finance, Radiant, Stargate, and Zapper. Scammers have targeted DeFi users who find it difficult to identify that they have clicked on malicious links due to slight changes to the official URLs.
Regarding this problem, ScamSniffer has commented on the following:
“When you open a malicious advertisement from Zapper, you can see that it attempts to obtain authorization of my $SUDO by using a Permit signature. If you have installed the Scam Sniffer plugin, you will receive real-time risk alerts.”
Crypto Scammers Have Used Many Tactics to Perform These Scams
ScamSniffer reports that scammers have implemented a variety of tactics to circumvent Google’s ad review process, including manipulating the Google Click ID parameter, using anti-scrubbing techniques, and employing parameter distinction. These methods allow scammers to display a legitimate webpage during Google’s ad review process.
ScamSniffer’s analysis of addresses associated with fraudulent websites promoted by scammers reveals that cryptocurrency users lost approximately $4.16 million in the last month, with more than 3,000 people affected by the scams.
In addition, anti-scam measures tracked the movement of funds on the blockchain to different exchange and mixing services, such as SimpleSwap, Tornado Cash, KuCoin, and Binance. The scammers spent approximately $15,000 advertising their websites, getting a 40% conversion rate from 7,500 users who clicked on the malicious ads.
Metadata analysis of various phishing websites has connected the responsible advertisers with two main locations: Ukraine and Canada.
Increase in Phishing Attacks within the Crypto Space
Crypto criminals have previously exploited Web2 tools and services to steal funds from Web3 users. For example, in 2020, they hacked the Twitter accounts of high-profile figures, including Elon Musk, who asked users to claim free crypto tokens via links to a malicious website.
Fraudsters have frequently used phishing attacks to steal cryptocurrency funds from users. DeFi, in particular, remains a preferred target for hackers, with more than $3.7 billion siphoned off in 2022 alone.
In order to minimize the risk of falling victim to scams, ScamSniffer suggests that “users should exercise caution when using search engines and actively block content in the advertising area.” Likewise, Google Ads must “strengthen its review process for Web3 malicious ads to better protect users.”
By Audy Castaneda
