Scammers Banked $59 Million in Crypto Exploiting Google Ads

Fredrik Vold
Last updated: | 1 min read
AI image of a crypto hacker
Source: Adobe / zedtox

Scammers have over the past nine months used a wallet-draining service named “MS Drainer” to siphon around $59 million worth of crypto from numerous victims, according to a recent report by blockchain security firm Scam Sniffer.

The scam operated through Google Ads, targeting victims with counterfeit versions of popular crypto platforms such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radient, the report said.

Wallet-drainers are specialized pieces of software that enables scammers to transfer crypto out of a victim’s wallet without their consent.

The software exists as blockchain-based smart contracts that even charge a share of the illicit proceeds as a fee that can go back to the developers.

‘MS Drainer’ first identified in March


According to Scam Sniffer’s report, the firm first identified MS Drainer in March this year, with the SlowMist security platform assisting in the investigation.

Regional targeting and page-switching tactics were reportedly used to evade Google’s ad audits, which in turn enabled the scammers to post fake ads as part of a phishing scam.

The scammers also utilized web redirects, misleading users into thinking they were accessing official websites.

Example of phishing ads
Example of phishing ads on Google. Source: ScamSniffer

63,000 victims


In all, Scam Sniffer discovered 10,072 fake sites employing MS Drainer, with its peak activity in November before a subsequent decline.

During its operation, the drainer extracted nearly $59 million worth of crypto from over 63,000 victims.

Scamming as a service


Notably, the MS Drainer developer sold his scamming tool on forums for a flat fee.

According to the report, the price was set at $1,499.99, with additional “modules” being offered at varying prices.