Over $58 million has been stolen via fraudulent Google and X ads in nine months.
The wallet draining service is named ‘Ms Drainer.’ Scammers use Google Ads to present fake versions of popular cryptocurrency sites like Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant.
These Decentralized finance (DeFi) sites allow for peer-to-peer transactions without the need for an intermediary like a banking partner for fund transfer.
The fake ads exploit the token approval process to transfer funds without the account holder’s consent.
How did Scammers go about this wallet drain?
ScamSniffer flagged the malicious crypto-stealing scam:
🚨1/ Alert: A ‘Wallet Drainer’ has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months. pic.twitter.com/ye3ob2uTtz
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
Users were led to sites that mimicked officially advertised platforms—hiding the links to the scam pages inside the promoted ads on Google Ads and X.
Both Google Ads and X should have robust policies of defending against these types of scams, however the scammers have managed to get around these safeguards.
MS Drainer was active on 10,072 fake sites, according to ScamSniffer, and impacted 63,000 victims.
The malicious draining tool was also active on X, presenting itself as a limited edition NFT collection called ‘Ordinals Bubbles’.
ScamSniffer said in a recent post, “It’s critical for ad platforms to strengthen checks and for users to approach ads with caution, verifying authenticity to avoid phishing traps. Stay vigilant!”
It’s critical for ad platforms to strengthen checks and for users to approach ads with caution, verifying authenticity to avoid phishing traps. Stay vigilant!
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
Other Crypto scams and exploits
Last month, Inferno Drainer stole over $70 million from victims before shutting down, as reported by Coin Telegraph. The scammers posted a final message to a Telegram group saying, “We hope you can remember us as the best drainer that has ever existed and that we succeeded in helping you in the quest of making money.”
Millions of crypto wallets were found to be at risk in November due to an overlooked code flaw in BitcoinJS. The flaw stemmed from insufficiently random key generation for crypto wallets. Those most at risk were users who created a crypto account before 2012.
Image Credit: Karolina Grabowska, Pexels.