Fake Crypto Websites on Google Ads Drain $3 Million in Christmas Phishing Scam

Trent Alan
Last updated: | 2 min read
Grinch holding stolen crypto after $3 million was lost to a Christmas phishing scam.
Scammers drained $3 million in crypto from victims this Christmas using fake websites promoted on Google ads. Image by Fareed Mindalano, DALL-E 3.

A new report reveals that scammers stole over $3 million in cryptocurrency from victims this holiday season using fake crypto websites promoted through Google Ads.

The scammers created fraudulent versions of popular crypto platforms like Zapper, Lido, and DefiLlama and used Google’s advertising system to direct victims to their fake sites.

Once on the phony websites, victims were tricked into approving malicious transactions that drained their crypto wallets into the scammers’ accounts.

This scheme, known as a wallet draining scam, takes advantage of the token approval process on blockchains like Ethereum. The scammers used a service called MS Drainer to automate and enforce the unauthorized withdrawals.

According to blockchain security firm Scam Sniffer’s report on December 21, the scammers evaded Google’s ad screening practices by using regional targeting and frequently switching landing pages.

This allowed their ads to slip past Google’s auditing systems designed to detect phishing scams.

The report identified over 10,000 fraudulent sites connected to the MS Drainer service, with activity peaking in November.

MS Drainer Service Enables Widespread Crypto Scams Through Google Ads


In total, MS Drainer has siphoned nearly $60 million in crypto from over 63,000 victims since March 2023.

The service was marketed on hacking forums for a flat fee of $1,499, allowing anyone willing to pay to launch their own wallet-draining scam. Additional features could be unlocked for $699 to $999.

The developer of MS Drainer pioneered an unusual sales model compared to other wallet drainers. Instead of taking a percentage of profits, MS Drainer charged fixed upfront fees to scammers.

This enabled the developer to earn substantial revenue while exposing third-party scammers to all the risks of getting caught and prosecuted.

Rampant Threats in Decentralized Finance Require Heightened Vigilance


This recent $3 million crypto phishing scam exploiting Google Ads is part of an alarming spike in wallet-draining hacking attacks within decentralized finance.

Just last month, the notorious Inferno draining tool was retired after allegedly stealing over $80 million in crypto funds.

Earlier in March, the Monkey Drainer service likewise bowed out after siphoning an estimated $13 million.

As cryptocurrency adoption grows, hackers are employing increasingly sophisticated techniques involving social engineering and technical exploits. Investors must remain vigilant against phishing and only utilize trusted platforms to manage their cryptocurrencies.

The onus is also on digital advertising leaders like Google to enhance security measures that better detect and combat crypto scams at scale.

Ultimately, this latest brazen heist ruthlessly targeting victims during the holidays serves as a stark reminder that cybercriminals will stop at nothing to steal cryptocurrencies.

With crypto threats on the rise, cryptocurrency holders need to stay vigilant–even during the cheer-filled holidays.