Scammers Banked $59 Million in Crypto Exploiting Google Ads

Scammers have over the past nine months used a wallet-draining service named “MS Drainer” to siphon around $59 million worth of crypto from numerous victims, according to a recent report by blockchain security firm Scam Sniffer.

The scam operated through Google Ads, targeting victims with counterfeit versions of popular crypto platforms such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radient, the report said.

2/ We first detected them in March, and the @SlowMist_Team shared their trails with us in early April. Then at the end of April, we spotted them again in Google search ad phishing. pic.twitter.com/wWIIi49YMT

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023

Wallet-drainers are specialized pieces of software that enables scammers to transfer crypto out of a victim’s wallet without their consent.

The software exists as blockchain-based smart contracts that even charge a share of the illicit proceeds as a fee that can go back to the developers.

‘MS Drainer’ first identified in March

According to Scam Sniffer’s report, the firm first identified MS Drainer in March this year, with the SlowMist security platform assisting in the investigation.

Regional targeting and page-switching tactics were reportedly used to evade Google’s ad audits, which in turn enabled the scammers to post fake ads as part of a phishing scam.

The scammers also utilized web redirects, misleading users into thinking they were accessing official websites.

63,000 victims

In all, Scam Sniffer discovered 10,072 fake sites employing MS Drainer, with its peak activity in November before a subsequent decline.

During its operation, the drainer extracted nearly $59 million worth of crypto from over 63,000 victims.

Scamming as a service

Notably, the MS Drainer developer sold his scamming tool on forums for a flat fee.

According to the report, the price was set at $1,499.99, with additional “modules” being offered at varying prices.