Trusted

Google Ads Becomes Latest Platform Used to Steal Crypto in $500,000 Phishing Attacks

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • By placing advertisements for fake wallets under the names of genuine wallets, unsuspecting people were scammed out of more than $500,000.
  • The advertisements led to websites that looked deceptively similar to wallets of genuine sites.
  • Eleven crypto wallets were affected, with each containing between $1,000 and $10,000 in cryptocurrency.
  • promo

In a new twist on phishing attacks, fake wallet registration sites listed advertisements on Google Ads and solicited wallet passphrases from wallet holders.

The attackers emulated platforms like Metamask and Phantom to make users think that their platforms were legitimate. Fake wallets were advertised with the names of genuine wallets, and users were tricked into downloading the fake wallets.

Same phishing attack, different platform

This fake wallet attack is just the latest incarnation of a phishing attempt, where users are tricked into divulging personal information by a bad actor posing as a legitimate entity. Now the medium is advertisements. The illegitimate sites looked very similar to their legitimate counterparts, which may have falsely allayed phishing fears. People familiar with wallets would have picked up on the next red flag, a request for a wallet passphrase. This request was acceded to by the victims, leading to the loss of their money. According to Check Point Research, a passphrase is instrumental in recovering a crypto wallet, and compromising this is more dangerous than giving out an account password.

Are crypto scam red flags too difficult to notice?

According to Checkpoint Research, popular wallets like Metamask and Phantom are browser extensions, not websites. If one is directed to enter a password on a supposed Metamask website, trouble is afoot. One has to be extra careful and perform due diligence before engaging the cryptocurrency world, especially when it comes to managing one’s wallet. It is not like a stolen credit card, where recourse is possible by contacting the bank that issued the card. 

Google ads are not standard vehicles for phishing attacks, and they can be an example of an attack that hides in plain sight. The last major ad attack came about a year ago, where a user claimed to have lost $15k trying to participate in a bogus cryptocurrency sale of the Chinese CBDC. The user clicked on a Coindaq.io top-level URL, which then redirected to a site where funds were required to participate in the sale of the digital yuan. Google’s ad policy now prohibits advertisements for initial coin offerings, DeFi trading protocols, or ads that promote in some way the purchase, sale, or trade of cryptocurrencies. This policy would have protected the victim from their $15K loss. Wallets and exchanges which are licensed and where the products and ads comply with local law and where the account is certified by Google may advertise. Ads for cryptocurrency exchanges and wallets are allowed only in the USA.

What do you think about this subject? Write to us and tell us!

Top crypto projects in the US | October 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
3Commas 3Commas Explore
Uphold Uphold Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | October 2024
Coinbase Coinbase Explore
Coinrule Coinrule Explore
3Commas 3Commas Explore
Uphold Uphold Explore
Chain GPT Chain GPT Explore
Top crypto projects in the US | October 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored