Scammers use Google, X ads to steal $59 mn in crypto from 63K victims: Report

Scammers have used a wallet-draining service called “MS Drainer” to steal nearly $58.98 million in crypto from about 63,210 victims over the past nine months, according to a new report.

According to blockchain security platform Scam Sniffer, the scammers used Google or X (formerly Twitter) ads to target victims with fake versions of popular crypto sites including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.

Wallet drainers are blockchain technologies that enable scammers to transfer cryptocurrency from a victim to the attacker without the victim’s knowledge, typically by manipulating the token approval process.

The researchers first became aware of MS Drainer in March. At the time, the SlowMist security platform team helped with the investigation.

In June, on-chain sleuth ZachXBT provided further evidence, uncovering a phishing scam called “Ordinal Bubbles” that was linked to the drainer, the report mentioned.

“After several friends around us clicked on search ads by mistake and were phished, we analysed the situation of malicious Google search ads and found that a fake Radiant ad was using them,” the researchers said.

They discovered nine different phishing ads on Google, 60 per cent of which used the malicious programme.

The researchers discovered 10,072 bogus sites that used MS Drainer. The activity of the drainer peaked in November and has subsequently dropped to almost zero.

Further investigation found that the MS Drainer developer used an odd marketing strategy. Unlike most wallet drainers, which take a percentage of scammers’ income, this one was advertised on forums for a flat price of $1,499.99. If a fraudster desired further features, the developer sold them additional “modules” for $699.99, $999.99, or comparable sums.

“As users, we should be extra cautious when seeing advertisements, always be skeptical before signing anything, and always verify whether we might be in the middle of a phishing attempt,” the researchers suggested.