Crypto Scammers Used Google Search Ads to Steal $4M: Report
Image courtesy of 123rf.

Crypto Scammers Used Google Search Ads to Steal $4M: Report

Scammers employed a number of different methods to bypass Google's ad review process.
Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

Scammers have stolen over $4 million in crypto funds from users using deceitful websites they promoted through Google search ads, ScamSniffer reported on Thursday. Based on the number of affected users and the amount of money they spent to promote their malicious ads, scammers’ return on investment (ROI) was 276% over the past month.

How did Scammers Deceive the Users?

According to the Web3 anti-scam solution ScamSniffer, users have lost over $4 million after falling victim to crypto phishing websites promoted via Google.

In a Twitter thread posted on Thursday, ScamSniffer revealed that there had been a great number of malicious ad links to phishing websites on Google ad searches. These links lead users to fake websites, asking users to enter their login signature information, thus compromising their wallet addresses. Some of the most targeted crypto projects these ads target include popular decentralized finance (DeFi) protocols and brands such as, Lido, Stargate, Defillama, and Radiant, among others.

“When you open a malicious advertisement from Zapper, you can see that it attempts to obtain authorization of my $SUDO by using a Permit signature. Currently, many wallets do not have clear risk warnings for this type of signature, and ordinary users may think it is a normal login signature and sign it without thinking twice.”

– ScamSniffer said in the official post.

ScamSniffer says that scammers have used several techniques to circumvent Google’s ad review process. These include anti-debugging techniques, parameter distinction, and methods to manipulate the Google Click ID parameter, allowing scammers to display a regular webpage during Google’s ad review process.

Join our Telegram group and never miss a breaking digital asset story.

Scammers’ Return on Investment is 276%

Data analysis of addresses linked to fake websites advertised by scammers shows that around $4.16 million has been stolen from users over the past month. More than 3,000 users have been affected by the scams, according to ScamSniffer.

Based on an approximate conversion rate of 40% from 7,500 users clicking on the malicious ads, the money scammers spent to advertise the websites amounts to around $15,000. Since over $4 million was stolen, the scammers’ ROI has been around 276%.

Phishing attacks have been one of the popular techniques scammers use to steal crypto funds from users. The crypto space, particularly DeFi, remains one of the hackers’ favorite playgrounds, with over $3.7 billion stolen in 2022.

Finance is changing.
Learn how, with Five Minute Finance.
A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

Have you personally noticed any suspicious crypto-related ads on Google lately? Let us know in the comments below.