Unknown people ran phishing ads for cryptocurrency projects in the Google search engine, with the help of which they stole $4.16 million, it was noticed by Twitter user under the nickname Scam Sniffer.
According to his data, attackers disguise malicious links as legitimate sites of various projects like Lido, DefiLlama, Zapper, Stargate, Orbiter Finance and Radiant.
After clicking on the link, the site asks for a digital wallet signature ostensibly for authorization. In reality, it gives attackers access to the user’s funds.
Analysts managed to identify the advertisers – ROMUS-POLLIGRAF LLC (Ukraine) and TRACY ANN MCLEISH (Canada). The combined value of the ads they placed was about $15,000.
The last month was very active. Victims of fraudulent sites at the time of writing were almost 3,200 users and the damage amounted to $4.16 million.
Part of the funds received from the largest addresses was sent to SimpleSwap and Tornado Cash mixer. Direct transfers to KuCoin, Binance and other exchanges were also recorded.
According to Scam Sniffer, attackers were able to bypass Google’s advertising validation by varying domain name parameters and preventing page cache debugging. Binance CEO Changpeng Zhao reported back in October 2022 that Google search results promote phishing sites targeting cryptocurrency users.