Google and X used by scammers to steal $58 million from victims
Scam Sniffer has identified 10,072 scam sites on Google and X that use ads to drain wallets.
A phishing tool called ‘Wallet Drainer’ has been used in scams run through Google search and X ads. It has been used to steal nearly $58 million from over 63,000 victims in just nine months. Scam Sniffer, a platform designed to protect Web3 users from scams, reported that in the most significant theft, a victim lost $24 million in September.
Since March, scammers have primarily funded themselves through phishing, a deceptive online tactic impersonating trusted brands via emails, ads, or websites to trick users into providing sensitive information or access to their crypto wallets.
Researchers recently discovered the same “drainers” in targeted advertisements on popular social media networks. This repackaged scam model migrated from search to social to bid for more eyeballs. Security teams analyzed account data from the past nine months and tied over 10,072 scam websites to these drainer scams, which often impersonated known crypto brands.
Scammers tailor their infrastructure and tactics over time to maximize success and evade protective filters. Their ploys include peppering different global regions with scam sites and swapping genuine brand URLs with phishing sites behind the scenes.
This allows them to target victims in specific locations while showing innocuous sites to auditors or security services scrutinizing other areas. By constantly adapting sites and strategies, the scam networks have tried to stay one step ahead of fraud detectors while reeling in as much illicit crypto revenue as possible from unsuspecting users.
In June, ZachXBT revealed a set of X phishing ads dubbed “Ordinals Bubbles,” which employed this same Drainer. A sampling test of ads in X’s feeds showed that nearly 60% of the phishing ads utilized this tool.
Moreover, the phishing ads employ redirect deception techniques, making them appear credible. They often mimic official domains, luring victims to phishing sites disguised as legitimate websites. For instance, an ad that seems to lead to the official StarkNet website might redirect users to a phishing site instead.
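The redirect and regional swap behaviour described above can be checked from the defender's side by following the same ad from several vantage points and comparing where each chain lands. The following is an added example, not code from Scam Sniffer or the article; the function names, region labels and `.example` URLs are constructed, and comparing only the last two host labels is a simplifying assumption.

```python
from urllib.parse import urlsplit


def site(url):
    """Approximate the registrable domain as the last two host labels.

    Assumption: inputs use single-label suffixes; a real check would use
    the Public Suffix List to handle suffixes such as co.uk.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def audit_ad(display_url, chains_by_region):
    """Compare an ad's displayed URL with where it actually lands.

    chains_by_region maps a vantage-point label to the ordered list of URLs
    recorded while following the ad from that region (first hop to landing).
    """
    advertised = site(display_url)
    landings = {
        region: site(chain[-1])
        for region, chain in chains_by_region.items()
        if chain  # skip regions where nothing was recorded
    }
    mismatched = sorted(r for r, s in landings.items() if s != advertised)
    return {
        "advertised": advertised,
        "landings": landings,
        "mismatched_regions": mismatched,
        # Different regions reaching different sites: region-based swapping.
        "cloaked": len(set(landings.values())) > 1,
        # Any landing site other than the advertised one is worth review.
        "suspicious": bool(mismatched),
    }


# Constructed sample: one ad followed from two hypothetical vantage points.
SAMPLE_DISPLAY = "https://www.brand.example/"
SAMPLE_CHAINS = {
    "region-a": ["https://ads.example/click?id=1", "https://brand.example/"],
    "region-b": ["https://ads.example/click?id=1",
                 "https://tracker.example/r",
                 "https://brand-claim.example/airdrop"],
}

if __name__ == "__main__":
    print(audit_ad(SAMPLE_DISPLAY, SAMPLE_CHAINS))
```

A single-region review of this constructed ad from `region-a` would see only the genuine site, which is why the comparison is made across vantage points.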
It is worth noting that the Drainer, commonly referred to as MS Drainer, can be found on various forums. In contrast to other Wallet Drainers that are entirely managed and charge a fee, MS Drainer offers its source code for purchase, with extra modules and features available for additional fees.