How Scammers Exploited Google and Twitter Ads to Siphon $58M

Scammers successfully bypassed Google and Twitter review processes for over 9 months to promote their wallet drainer scripts.

KyberSwap hacker showing thumbs up through the screen.
Created by Kornelija Poderskytė from DailyCoin
  • ScamSniffer revealed a Wallet Drainer exploit has been leveraging 𝕏 ads to scam users. 
  • The security firm shared that the exploit has been going on for months. 
  • Read how you can stay safe from this exploit. 

The crypto industry remains a prime target for scammers and hackers seeking unsuspecting victims. Evolving their tactics regularly, their methods take new and sophisticated forms, rendering previous precautious obsolete. 

Keeping in line with this trend, reports have now surfaced of a new ‘Wallet Drainer’ exploit that used Google searches and 𝕏 (Formerly Twitter) ads to successfully steal millions over nine months, hitting over 60,000 victims to date.

Hacker Bypass Google and X Systems

On Thursday, ScamSniffer, a prominent Web3 security platform, announced on 𝕏 that a Wallet Drainer malware has been on the loose for over nine months, siphoning off over $58 million from 63,000 victims. 

Sponsored

Initially detected in March, ScamSniffer linked the malware to multiple phishing campaigns and 𝕏 ads, taking multiple forms, including ‘Ordinals Bubbles.’ The security firm shared that scammers employed regional targeting and page-switching tactics to evade ad audits and make it harder for Google and 𝕏 to catch on to their malicious ads.

ScamSniffer reported that over 10,000 sites were associated with the same wallet drainer, with peak activity observed in May, June, and November. 

Given the increasing complexity of scams, it has become crucial for users to establish necessary precautions and exercise better vigilance. 

How to Stay Safe From Ad Scams

While scammers may have bypassed Google and 𝕏’s review process, a trained eye can readily identify and filter them out. Here are some tips that can significantly enhance your safety against potential hacks:

  • Look for inconsistencies. Most scams barely put any effort into their ads. 
  • If it’s too good to be true, it’s probably not true. 
  • Protect your recovery phrase by keeping it somewhere private. 
  • Double-check links, websites, and emails. Refrain from clicking any link unless it’s from a verified source. If the verified source has been compromised, take up the issue with other users and look for warnings and red flags.
  • Verify and scan all addresses, such as contract, sender, and others, before doing anything permanent. 
  • Report any suspicious activity to the concerned departments as soon as possible. 
  • Set up additional security layers, such as two-factor authentication.
  • Always do your research. 

On the Flipside

  • Overall, crypto hack losses have fallen by 50% compared to 2022. 
  • Tether implemented a wallet-freezing policy enabling the freezing of USDT obtained through illicit means. The stablecoin issuer has recently applied this policy to freeze USDT acquired by the Ledger hackers.

Why This Matters

While 𝕏 and Google have upped the ante on crypto ads and scams, malicious actors are still finding ways to bypass their radars, targetting unaware victims. Today, advertising has become a key tool for scammers to target victims cost-effectively. It’s critical for ad platforms to strengthen checks and for users to approach ads with caution. 

Find out why Charles Hoskinson isn’t interested in partnerships with XRP:
Cardano Founder Stands Firm Against Partnerships with XRP

Read how Messari stirred drama by cutting Cardano from its report:
Messari Report Irks Cardano Execs over Chain’s Omission

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Insha Zia

Insha Zia is a senior journalist at DailyCoin covering crypto developments, especially in the Cardano ecosystem. With a Bachelor of Science in Computer Systems Engineering, he delivers high-quality articles with his technical background and expertise in data analysis and programming languages, aiming to educate and inform readers accurately, transparently, and engagingly. Insha believes education can drive mass adoption of the crypto space, and he is committed to giving DailyCoin readers a better understanding of the technology.

Read more