In a troubling trend spanning the past year, cybercriminals have orchestrated a series of phishing scams to pilfer millions of dollars in cryptocurrency assets via deceptive ads on major platforms, including Google and X. Uncovered by cybersecurity experts at ScamSniffer, these scammers are employing a sinister tool known as ‘wallet drainers’ to carry out these phishing schemes.
Disclosed in a recent blog post, ScamSniffer reveals that the initial detection of this wallet drainer occurred within Google search ad phishing, later making its way into a set of X phishing ads shared by ZachXBT. A recent examination of ads in X’s feeds showed that nearly 60 percent of phishing ads utilised this specific drainer.
Between March and December, ScamSniffer diligently monitored 10,072 phishing websites and, by analysing on-chain data associated with the phishing addresses, linked them to the theft of almost $58.98 million from more than 63,000 victims over those nine months.
Understanding Wallet Drainers and Their Propagation
Wallet drainers operate by duping users into authorising malicious transactions that drain the assets from their cryptocurrency wallets. Typically, this occurs when users interact with misleading links embedded in deceptive advertisements, which are, in reality, phishing scams.
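The “authorising malicious transactions” step is where a defender can intervene: a wallet or browser extension can decode what a site is asking the user to sign before the confirmation prompt appears, and warn when the request is an asset approval to an unfamiliar party. The Python below is an added example written for this article, not code from ScamSniffer or from any wallet project. The two four-byte function selectors are the standard ABI ones for ERC-20 approve(address,uint256) and ERC-721/ERC-1155 setApprovalForAll(address,bool); it goes slightly beyond the text by covering NFT operator approvals as well as token allowances. The addresses, the trusted-spender list and the sample requests are all constructed for the demonstration.

```python
"""
Pre-signature inspection of an EVM transaction request.

Added example (not from the ScamSniffer post). The selectors are the real
first-4-bytes-of-keccak256 values for the two functions; every address,
the trusted-spender list and the sample requests below are constructed.
"""
from dataclasses import dataclass

# 4-byte function selectors: first four bytes of keccak256 of the canonical signature.
APPROVE_SELECTOR = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL_SELECTOR = "a22cb465"  # setApprovalForAll(address,bool)
UINT256_MAX = 2**256 - 1

# Constructed addresses (hypothetical, not real contracts).
TRUSTED_ROUTER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "ab" * 20


@dataclass
class Finding:
    severity: str
    reason: str


def _word(data: str, i: int) -> str:
    """Return the i-th 32-byte ABI word after the selector as a 64-char hex string."""
    start = 8 + 64 * i
    return data[start:start + 64]


def inspect_request(tx: dict, trusted_spenders: set[str]) -> list[Finding]:
    """Decode the calldata of a pending transaction and flag risky approvals."""
    trusted = {s.lower() for s in trusted_spenders}
    data = tx.get("data", "0x")
    data = (data[2:] if data.startswith("0x") else data).lower()
    findings: list[Finding] = []
    if len(data) < 8:
        return findings  # plain value transfer or empty call: nothing to decode here
    selector = data[:8]

    if selector == APPROVE_SELECTOR and len(data) >= 8 + 128:
        # approve(address spender, uint256 amount): word 0 = spender, word 1 = amount
        spender = "0x" + _word(data, 0)[24:]          # address is right-aligned in its word
        amount = int(_word(data, 1), 16)
        if spender not in trusted:
            findings.append(Finding("high", f"approve to unknown spender {spender}"))
        if amount == UINT256_MAX:
            findings.append(Finding("high", "unlimited ERC-20 allowance requested"))

    elif selector == SET_APPROVAL_FOR_ALL_SELECTOR and len(data) >= 8 + 128:
        # setApprovalForAll(address operator, bool approved): grants control of every token
        operator = "0x" + _word(data, 0)[24:]
        approved = int(_word(data, 1), 16) != 0
        if approved and operator not in trusted:
            findings.append(Finding("high", f"setApprovalForAll(true) to unknown operator {operator}"))

    return findings


def encode_approve(spender: str, amount: int) -> str:
    """ABI-encode approve(spender, amount); used here only to build sample requests."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + f"{amount:064x}"


def encode_set_approval_for_all(operator: str, approved: bool) -> str:
    """ABI-encode setApprovalForAll(operator, approved); used here only to build samples."""
    flag = "1" if approved else "0"
    return "0x" + SET_APPROVAL_FOR_ALL_SELECTOR + operator[2:].lower().rjust(64, "0") + flag.rjust(64, "0")


def triage(requests: list[dict], trusted_spenders: set[str]) -> dict[str, list[str]]:
    """Map each sample request's label to the reasons it would be flagged."""
    return {r["label"]: [f.reason for f in inspect_request(r, trusted_spenders)] for r in requests}


# Constructed sample requests: what a drainer page and a legitimate swap would each ask for.
SAMPLE_REQUESTS = [
    {"label": "drainer: unlimited approve", "data": encode_approve(UNKNOWN_SPENDER, UINT256_MAX)},
    {"label": "drainer: approve all NFTs", "data": encode_set_approval_for_all(UNKNOWN_SPENDER, True)},
    {"label": "legit: bounded approve to router", "data": encode_approve(TRUSTED_ROUTER, 1_000)},
    {"label": "legit: revoke NFT operator", "data": encode_set_approval_for_all(UNKNOWN_SPENDER, False)},
]

if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_REQUESTS, {TRUSTED_ROUTER}).items():
        print(f"{label}: {'; '.join(reasons) if reasons else 'no findings'}")
```

The two conditions checked here, an approval granted to a spender the user has never interacted with and an allowance set to the maximum uint256, are exactly what a drainer needs in order to move tokens without further user interaction; a wallet that surfaces them in plain language at the confirmation prompt removes much of the value of a convincing lookalike site.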
Recent examples of these phishing scams employing the wallet drainer include a cluster of deceptive X ads termed “Ordinals Bubbles” and fake links leading to popular crypto platforms such as DeFiLlama and Lido. Notably, these phishing ads have become more sophisticated, incorporating redirect tricks that mimic official and legitimate domains while ultimately leading users to phishing websites.
The blog post underscores the versatility of these wallet drainers, stating, “Phishing scammers have deployed these tactics through various channels such as phishing ads, supply chain attacks, Discord phishing, Twitter spam comments and mentions, Airdrop Phishing, SimSwap attacks, DNS attacks, email phishing, etc., continually targeting ordinary users with phishing attacks and resulting in significant asset losses.”