Crypto phishing URLs steal $4M via Google Ads

ScamSniffer's on-chain data from Google-advertised fake websites shows that over 3,000 customers lost $4.16 million last month.


The combination of Google Ads data and blockchain analytics reveals that more than $4 million has been plundered from victims of pernicious phishing websites promoted on Google.

According to ScamSniffer, a Web3 anti-scam service provider, malicious advertisements for fraud websites have dominated Google Ads searches in recent weeks.

The URLs lead to fraudulent websites that prompt users for wallet login signature requests, which compromise the users' addresses.

Scammers have targeted several decentralized finance protocols, websites, and brands, including Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.

Slight modifications to official URLs make it challenging for users to identify malicious links.
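A defender-side check for the slightly modified URLs described above, as an added example that is not from the article or ScamSniffer. It goes a little beyond the text by also folding common character swaps and flagging internationalized hostnames; the allowlisted domains, the fold table, the distance threshold and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for brands the article names; confirm each domain
# against the project's own published links before relying on it.
OFFICIAL = ("lido.fi", "stargate.finance", "defillama.com",
            "orbiter.finance", "radiant.capital")
# Common look-alike substitutions, folded away before comparison.
FOLD = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("-", ""))

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(text):
    for src, dst in FOLD:
        text = text.replace(src, dst)
    return text

def classify(url):
    """Return (verdict, official domain it matches or imitates)."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    for dom in OFFICIAL:
        if host == dom or host.endswith("." + dom):
            return ("official", dom)
    labels = host.split(".")
    if not host.isascii() or any(lab.startswith("xn--") for lab in labels):
        return ("idn-review", None)  # possible homoglyph domain
    reg = ".".join(labels[-2:])  # naive: no public-suffix list
    for dom in OFFICIAL:
        brand = dom.split(".")[0]
        if fold(reg) == dom or edit_distance(reg, dom) <= max(1, len(dom) // 8):
            return ("lookalike", dom)
        if any(fold(lab).startswith(brand) for lab in labels):
            return ("brand-in-host", dom)
    return ("unrelated", None)

# Constructed sample URLs, not taken from the article or ScamSniffer data.
SAMPLES = ["https://stake.lido.fi/?gclid=x", "https://defi11ama.com/",
           "https://stargate.finance.example.net/", "https://example.org/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, classify(u))
```

The comparison is made on the parsed hostname only, so query parameters such as a click ID do not affect the verdict.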

Several of the fraudulent websites in question have been linked to Ukrainian and Canadian advertisers based on an analysis of their metadata. The individuals responsible for the malicious advertisements use a variety of methods to circumvent Google’s ad review.

This includes manipulating the Google Click ID parameter, which enables attackers to display a standard webpage during Google’s ad review.

Other malicious advertisements employ anti-debugging techniques to redirect users with developer tools enabled to a normal website, whereas a direct click leads to the malicious website.

This also permits fraudsters to circumvent some of Google Ads’ automated evaluations.

ScamSniffer’s database of on-chain data from addresses linked to malicious websites advertised on Google suggests that over 3,000 users have had $4.16 million stolen in the past month.

The anti-scam service monitored the on-chain movement of funds to various exchange and mixing services, such as SimpleSwap, Tornado.Cash, KuCoin, and Binance.

Using advertising analysis platforms, ScamSniffer concludes that promoting crypto-related fraud websites is profitable. The average cost per click for associated keywords is between $1 and $2.

Assuming a conversion rate of 40% from 7,500 users clicking on malicious advertisements, fraudsters have spent approximately $15,000 on advertising, which has yielded a 276% return given the $4 million stolen to date.

Kaspersky, a Russian cybersecurity and anti-virus provider, predicted a 40 percent increase in crypto-related phishing attacks through 2022, with over 5 million phishing attacks identified in 2017.