Scammers Use Google Ads to Steal Nearly $500,000

Reports: Scammers Use Google Ads to Steal Nearly $500,000 in Cryptocurrency
Reports: Scammers Use Google Ads to Steal Nearly $500,000 in Cryptocurrency

Information security firm Check Point Research said it is warning of fraudsters using Google Ads to steal cryptocurrency wallets, after seeing hundreds of thousands of dollars in cryptocurrency taken from victims last weekend. Scammers place ads at the top of Google searches that imitate popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallet passphrase and private key.

According to Check Point Research, more than $500,000 worth of cryptocurrency was stolen within days, and the company said that over the past weekend it had noticed hundreds of thousands of dollars in cryptocurrency being stolen from wallets by fraudsters. To lure their victims, scammers placed Google ads on top of Google searches that mimic popular wallets and platforms, such as Phantom App, MetaMask and Pancake Swap. Each ad contained a malicious link that, once clicked, directs the victim to a phishing website that copies the branding and messages of the original wallet site. From here, the scammers tricked their victims into giving up their wallet passwords, thus paving the way for wallet theft.

The famous security company added that traditionally, phishing campaigns originate by email. In what appears to be a new trend, multiple scam groups are now bidding for wallet-related keywords in Google Ads, using Google search as an attack vector to target victims' crypto wallets. Related to a crypto wallet and then the victim clicks on a malicious link in Google Ads and the victim is directed to a phishing website that looks identical to the original wallet site and the fake site is trying to steal the word evil, if it already has a wallet; Or it will provide him with a new password for a newly created wallet in both cases, the fraudster has access to the user’s wallet and can go ahead to steal all their cryptocurrency.

And Check Point says that for the domain “phantom.app,” its experts have encountered phishing variants like phanton.app or phantonn.app, or even different extensions like “.pw” and more. Every malicious ad leads to a phishing website.


The first picture below shows the original Phantom website, followed by the fraudulent Phantom website.



Security firm Check Point said it found 11 hacked wallet accounts, each containing between $1,000 and $10,000. The scammers had already withdrawn some of the funds before the operation was discovered. The company estimates that more than $500,000 was stolen over the past weekend.

google-playkhamsatmostaqltradent