Cybercriminals have stolen over $4 million from cryptocurrency users in the latest wave of cybercrime. These thefts were conducted through phishing sites promoted on Google Ads that mimicked legitimate crypto platforms.
The scammers tricked unsuspecting users into providing login credentials, private keys, and other sensitive information, which they then used to access users’ cryptocurrency wallets and steal their digital assets.
According to anti-scam service provider ScamSniffer, many malicious advertisements for phishing websites are visible on Google Ads searches.
Over the past month, these criminals saw a 276% profit from their illegal activities due to the number of users impacted and the money used to promote their fraudulent advertisements.
The scammers have targeted several decentralized finance protocols, websites, and brands, including DefiLlama, Lido, Orbiter Finance, Radiant, Stargate, and Zapper. DeFi users have been impacted the most, as it is challenging to identify when they have clicked on malicious links due to slight changes to official URLs.
For instance, scammers use malicious advertisements from Zapper to obtain authorization of $SUDO through a Permit signature, which many wallets do not have clear risk warnings for.
Ordinary users may think it is a normal login signature and sign it without thinking twice. This highlights the importance of being cautious and vigilant when accessing crypto platforms and websites.
Users must check the authenticity of the website, URLs, and promotional advertisements before entering sensitive information. They must also verify that the website has a secure HTTPS connection, look for verified social media accounts, and use two-factor authentication to protect their crypto assets.
As the number of scams and phishing attacks continues to rise, it is crucial to stay informed and adopt best practices to protect yourself from cybercriminals.