Skip to content

Scammers steal $500k in crypto through Google Ads phishing attack

Scammers steal $500k in crypto through Google Ads phishing attack

Scammers reportedly stole $500,000 worth of cryptocurrencies over the past weekend using a new phishing attack that leverages Google Ads. 

According to Check Point Research obtained by Engadget, the scammers purchased Google Ads placements for their websites while mimicking popular crypto wallets, including Phantom App and MetaMask. 

The perpetrators designed the ads to mirror the URL of the original websites using domain names such as “phantonn.app,” which closely relates to the verified “phantom.app”.

Google Ads used by scammers to defraud victims. Source: Engadget.

The scammers then gained access to the victim’s passphrase once they visited the fake website and typed it in. Additionally, the scammers presented victims with a secret recovery phrase whenever they use the fake website to create a new wallet. 

The scam was designed so that the victim uses the recovery phrase to log in into the scammers’ accounts who also became beneficiaries of the fraud. 

Interestingly for MetaMask, the malicious website provided visitors with the option of importing an existing wallet in the process, giving the malicious actors access to the passphrase. 

The amount stolen was significant considering that Phantom App and MetaMask are some of the most popular wallets supporting Solana and Ethereum. 

The research indicates that the stolen amount was cross-referenced with Reddit forums, concluding that $500,000 was stolen. Notably, 11 wallet accounts containing crypto worth between $1,000 and $10,000 were also compromised. The funds have since been withdrawn.

Crypto space hit with more scams

This comes after several scams hit the cryptocurrency sector over the last few days. For example, a digital currency called Squid Token (SQUID) inspired by Netflix’s Squid Game launched in late October quickly skyrocketed but later turned out to be a scam.

At some point, the token hit the value of $2,860 per token Monday before losing all its value after the project’s unknown creators reportedly cashed out Squid tokens worth more than $3 million. At the same time, the project’s website, SquidGame.cash, is also inaccessible. 

[coinbase]

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account? Sign In

Services

Disclaimer: The information on this website is for general informational and educational purposes only and does not constitute financial, legal, tax, or investment advice. This site does not make any financial promotions, and all content is strictly informational. By using this site, you agree to our full disclaimer and terms of use. For more information, please read our complete Global Disclaimer.