Cryptocurrency fraudsters have capitalised on unsuspecting victims in a spree of wallet-draining scams, netting approximately $58 million over the past year. These elusive criminals have employed various tactics, from phishing ads on Google to exploiting vulnerabilities in social media platforms, leaving ordinary users vulnerable to substantial financial losses.
The Rise of Wallet Drainers
🚨1/ Alert: A 'Wallet Drainer' has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months. pic.twitter.com/ye3ob2uTtz
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
Wallet drainers, as these cybercriminals are aptly named, have witnessed a surge in their nefarious activities, with their exploits extending across various mediums, including phishing ads, supply chain attacks, Discord phishing, SimSwap attacks, DNS attacks, and email phishing. These tactics have been employed with alarming frequency, targeting everyday users and causing significant financial damage.
One specific wallet drainer stands out for its extensive use in phishing ads, initially discovered within Google search ad phishing campaigns. Later, it was unearthed in a set of X phishing ads shared by the vigilant ZachXBT. A recent sampling test of ads on the X platform revealed that nearly 60% of phishing ads employed this same wallet drainer.
Google Search Ad Phishing
2/ We first detected them in March, and the @SlowMist_Team shared their trails with us in early April. Then at the end of April, we spotted them again in Google search ad phishing. pic.twitter.com/wWIIi49YMT
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
The first detection of this malicious actor occurred in March, followed by the SlowMist team sharing their findings in early April. It reared its head in late April in Google search ad phishing campaigns. Some unsuspecting individuals were lured into these malicious ads, resulting in financial losses. Notably, a counterfeit Radiant ad was identified as one of the culprits.
X Ads
4/ A recent test of X's ad in the feed showed that 9 were phishing ads, with over 60% using this wallet drainer. pic.twitter.com/ywpLUT062l
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
Towards the end of June, ZachXBT shared a collection of X phishing ads known as “Ordinal Bubbles.” Upon analysis, it became evident that these ads all had one thing in common—the same wallet drainer. A recent test of X’s ad feed unveiled a startling statistic: six out of nine phishing ads were utilising this wallet drainer, constituting over 60% of the total.
Evasion Techniques and Deceptive Tactics
6/ Phishing ads employ redirect tricks to seem legit, like disguising links as official domains that actually lead to phishing sites. pic.twitter.com/EBiaWc0sf8
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
To make matters worse, these phishing ads employed various techniques to bypass ad audits. They meticulously targeted specific regions, ensuring that users from other areas encountered seemingly innocuous websites when clicking on the links. This deception complicated the ad audit process significantly.
Additionally, redirect deception was a favoured tactic, with the phishing ads appearing to originate from official domains while ultimately leading victims to fraudulent sites. This cunning approach made it difficult for users to discern the authenticity of the advertisements they encountered.
The Grim Reality: Phishing Sites and Theft
8/ Analysis shows this wallet drainer stole about $58.98 million from 63,210 victims in 9 months through associated addresses.https://t.co/um9n53GFqN
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
Over the past nine months, a staggering 10,072 phishing sites linked to this wallet drainer have been monitored. Disturbingly, specific periods, notably in May, June, and November, saw significant spikes in activity. A comprehensive analysis of on-chain data associated with the drainer has estimated that approximately $58.98 million was stolen from an unfortunate total of 63,210 victims.
The impact on individual victims has been dire, with some losing substantial sums. Notably, one victim (0x13e382dfe53207e9ce2eeeab330f69da2794179e) suffered a devastating loss of $24 million in September, as previously reported.
The Enigmatic Drainer
10/ Advertising has turned into a key tool for scammers to target victims cost-effectively through Google search and X's user base. With tactics like domain spoofing and ad review evasion, the threat persists.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
What sets this particular wallet drainer apart is its unique approach to distribution. Unlike its counterparts, which are fully managed and levy a 20% fee, this drainer opts to sell its source code and additional value-added modules separately. This approach allows for customisation, with the option to add malicious signatures using Blur for phishing available for an additional fee.
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 21, 2023
This alarming rise in wallet-draining scams underscores the pivotal role advertising plays in enabling phishing scammers to target victims effectively. By exploiting specific audience demographics through Google search terms and platforms like X, these criminals can select their targets and launch relentless phishing campaigns at minimal cost.
Given the utilisation of domain spoofing and evasion of ad reviews, users are constantly at risk of falling victim to phishing threats. Ad platforms must enhance their verification processes to thwart malicious actors seeking to exploit their services.
As users, our vigilance is paramount. It is imperative to exercise caution when encountering advertisements, adopt a sceptical approach before engaging with them, and always verify any transaction’s legitimacy. In a world where cryptocurrency scams loom large, staying safe requires constant vigilance.
About Scam Sniffer
Scam Sniffer is a dedicated anti-scam platform that combines off-chain and on-chain monitoring data to offer real-time protection for Web3 users. With a commitment to ensuring the safety of the following billion users in the Web3 landscape, Scam Sniffer has been instrumental in safeguarding well-known platforms from fraudulent activities.
