Crypto Users Lose $4M to Phishing URLs Promoted on Google Ads

• Over $4 million has been stolen from unsuspecting cryptocurrency users through phishing websites promoted via Google Ads.
• Data from Google Ads and blockchain analytics reveals malicious adverts for phishing URLs have been prevalent in recent weeks.
• Analysis of metadata from these websites suggests the attackers are located in Canada and Ukraine, with funds flowing to various exchanges and mixing services.

Cryptocurrency Users Lose Over $4 Million Through Phishing Scams

Cryptocurrency users have become the target of a large-scale phishing scam that has managed to steal over $4 million through malicious websites advertised on Google Ads. Data coupled with blockchain analytics reveals this worrying trend amongst scammers targeting unsuspecting victims who believe they are clicking on legitimate links.

Malicious Adverts Targeting Cryptocurrency Users

ScamSniffer, a web3 anti-scam service provider, has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites. Popular decentralized finance protocols such as Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant have all been targeted by the scammers utilizing slight changes to official URLs in order to make it difficult for victims to identify if they’ve clicked on a malicious link or not.

Advertisers Bypassing Google Ads Reviews

Analysis of metadata from the phishing websites suggest that the advertisers responsible for placing these malicious adverts are located in both Ukraine and Canada. They use a number of methods in order to bypass Google’s ad review process including manipulating the Click ID parameter which allows them to show a normal page during reviews while redirecting those using developer tools enabled directly towards their malicious website instead of showing it during reviews as well.

Victims Losing Over $4 Million

On-chain data analysis from addresses linked to these malicious websites advertised on Google shows that over 3,000 users have lost around $4.16 million over the past month alone due funds being sent to various exchange and mixing services such as SimpleSwap, Tornado Cash, KuCoin and Binance making use of advertising analytics service platforms like Theseus Protocols’ AdTracer tracker which helps identify suspicious activity within ads campaigns quickly before funds can be withdrawn or exchanged into other cryptocurrencies so as not lose track of them completely.

Protecting Yourself Against Phishing Scams

It is important for cryptocurrency users who want protect themselves against falling victim to these schemes should always check URLs twice before clicking them even if they appear legitimate as attackers can also utilize similar domain names with slight variations like changing one letter or adding an extra word at the end etcetera so you should always double-check any URL you click even if it seems familiar just in case it is actually someone trying take advantage of you by posing as a legitimate service provider or company online!