Crypto Scammers Used Google Search Ads to Steal $4M

ScamSniffer Investigation 

ScamSniffer reported instances of phishing sites in Google ad searches. It found several Google ads that direct users to fraudulent sites. These sites were replicas of legitimate sites and prompted wallet login signature requests from crypto users. 

Many crypto users have entered their credentials, such as addresses and private keys. 3,727 victims together have lost over $4 million in cryptocurrency. 

Also, Check | Comprehending Metaverse Wallet Development

How Scammers Tricked the Users 

Scammers created URl replicas with slight changes, making it difficult for users to detect malicious links. Users clicking on these sites receive authorization requests to access their wallets. Many users share their login signatures and log in and fall prey to these scams. 

After receiving user data, scammers accessed their crypto wallets and stole their assets. 

Further investigation revealed that advertisers from Canada and Ukraine are linked to these phishing sites. 

These advertisers used multiple methods, including Google Click ID parameter manipulation, to bypass Google's ad review protocol. Scammers used anti-debugging techniques and parameter distinction to display authentic web pages during the ad review process. 

Check It Out | A Quick Guide to Advanced Cryptocurrency Wallet Development

Estimation of Stolen Dollars 

ScamSniffer analyzed the on-chain data from addresses related to fraudulent ad websites. The analysis revealed that over 3,000 crypto users have been affected by this scam. They lost approximately $4.16 million. 

Scammers deposited the funds to various exchanges and mixing services, including Binance, KuCoin, SimpleSwap, and more. 

According to ad analysis platforms, the average cost-per-click for keywords is approximately $1-$2. With a 40% estimated conversion rate, 7,500 users clicked on those ads. 

So, fraudsters spent approximately $15,000 on Google advertisements. It results in an estimated return on investment (ROI) of about 276%. 

Also, Visit | Secure and Efficient Crypto Exchange Development like Binance

Conclusion

A growing number of malicious phishing ads are deceiving Google's ad review process. Scammers are using technical means to bypass different authentication processes. It is causing significant harm to users. 

Google Ads needs to enhance its review process for web3 malicious advertisements. Also, users must be vigilant while browsing search engines and regularly block advertising content.

Avoiding suspicious links, installing anti-virus software, and using crypto wallets with strong security features can minimize the risks of such scams. 

Crypto exchange platforms can use also enhance their security features with two-factor authentications. Adding this feature may require you to opt for a service provider like Oodles. 

Our crypto exchange developers provide end-to-end solutions for crypto exchange development. Contact us today to discuss your requirements.