Skip to content

Crypto Users Lose $4M to Phishing Scams Via Google Ads

Cryptocurrency users have unknowingly lost over $4 million to phishing websites promoted using Google Ads. Data analysis from Google Ads and blockchain analytics has shown that users fell for these malicious websites, leading to substantial losses.

Google Ads logo
Google Ads logo

ScamSniffer Detects Malicious Phishing URLs on Google Ads

Web3 anti-scam service provider ScamSniffer has recently reported a surge in malicious phishing ads on Google. These ads direct users to fraudulent websites that request wallet login signatures, ultimately compromising users' addresses.

DeFi Protocols and Brands Targeted by Scammers

Scammers have targeted various decentralized finance (DeFi) protocols, websites, and brands, such as, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant. They employ subtle changes to official URLs, making it challenging for users to recognize malicious links.

Advertisers in Ukraine and Canada Linked to Phishing Websites

Metadata analysis of the phishing websites has traced back to advertisers in Ukraine and Canada. These individuals employ several techniques to evade Google's ad review process, including manipulating the Google Click ID parameter.

Scammers Bypass Google Ads' Machine Reviews

Other malicious ads use anti-debugging methods to redirect users with developer tools enabled to legitimate websites, while direct clicks lead to the malicious site. This tactic allows scammers to bypass some of Google Ads' machine reviews.

Over $4.16 Million Stolen from 3,000 Users in a Month

ScamSniffer's on-chain data analysis from addresses linked to malicious websites advertised on Google reveals that over $4.16 million has been stolen from over 3,000 users in the past month alone.

Stolen Funds Tracked to Exchange and Mixing Services

The anti-scam service traced on-chain fund flows to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin, and Binance.

According to ScamSniffer, promoting crypto-related phishing websites is lucrative, with the average cost per click for associated keywords ranging from $1 to $2. With a 40% conversion rate from 7,500 users clicking on malicious ads, scammers have spent about $15,000 on advertising, yielding a 276% return on their nefarious investments.

Kaspersky Reports 40% Increase in Crypto Phishing Attacks

Russian cybersecurity and anti-virus provider Kaspersky reported a 40% increase in crypto-related phishing attacks throughout 2022. The firm identified over 5 million phishing attacks last year.