Google Ads is Being Used by Crypto Scammers to Siphon Thousands of Dollars

So it’s reported that Google Ads is Being Used by Crypto Scammers to Siphon Thousands of Dollars crypto wallets users. The crypto world is full of dangers, with scammers lying in wait for newbies and novices.

Google Ads is Being Used by Crypto Scammers to Siphon Thousands of Dollars

A recent report from security outfit Check Point Research highlights a potent form of attack: using Google Ads to direct users to fake crypto wallets. In its report, CPR said it has seen roughly half a million dollars siphoned off through these methods in just the last few days.

Google Ads is Being Used by Crypto Scammers to Siphon Thousands of Dollars

Here’s how the scam works. Attacker buys Google Ads in response to searches for popular crypto wallets (that’s the software used to store cryptocurrency, NFTs, and the like).

According to the verge, CPR says it’s noticed scams targeting Phantom and MetaMask wallets, which are the most popular wallets for the Solana and Ethereum ecosystems.

The Scam Seen As a Fairly Typical Phishing Attack

When the unsuspecting Googles “phantom,” the Google Ad result which appears above actual search results, it directs them to a phishing website that looks like the real thing. Then, one of two things happens: either the user enters their credentials which the attacker keeps.

Or, much weirder, if they try to create a new wallet they’re told to use a recovery password which actually logs them into a wallet controlled by the attacker, not their own. “This means if they transfer any funds, the attacker will get that immediately,” says CPR.

Attackers Using Fake URLs to Trick Users

As with phishing scams more generally, the attackers rely on making their fake log-in pages look as much as possible like the real thing.

CPR notes that they’ve seen attackers use fake URLs to trick users, directing them to or, for example, instead of the correct

The group has also seen similar phishing scams used to direct users to fake cryptocurrency exchanges, including PancakeSwap and UniSwap.

CPR Researchers

CPR’s researchers say they started noticing these scams after seeing crypto users complain about their losses on Reddit and other forums. They estimate that “at least half a million dollars” have been stolen over the past few days.

“I believe we’re at the advent of a new cyber-crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” said CPR’s Oded Vanunu in a press statement.

“The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging.

And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets.”

The group offers a few words of wisdom for users hoping to avoid these pitfalls, including never clicking on Google Ads results but instead looking at search results, and always check the URL of the site you’re visiting.


Please enter your comment!
Please enter your name here