Over the last year, cybercriminals used phishing ads on major platforms such as Google and X to steal millions in crypto assets. Scam Sniffer cybersecurity researchers found that scammers employ ‘wallet drainers,’ with one being prominently used in phishing ads.

In a blog post, the company notes that it first identified this drainer in Google search ad phishing. It was subsequently identified in a series of X phishing ads disclosed by ZachXBT. In a recent assessment of ads within X’s feeds, the company observed that almost 60% of the phishing ads employed this specific drainer.

Between March and December, Scam Sniffer tracked approximately 10,072 phishing websites. The company also scrutinized on-chain data associated with their phishing addresses, revealing that they pilfered nearly $58.98 million from over 63,000 victims in the past nine months.

What do wallet drainers entail and how do they propagate?

A wallet drainer operates by deceiving users into approving malicious transactions, ultimately pilfering assets from their crypto wallets. Typically, this occurs when users click on deceptive links within false advertisements, which are essentially phishing scams. Recent instances of phishing scams employing the wallet drainer method include a series of phishing ads on X titled “Ordinals Bubbles” and fraudulent links to well-known crypto platforms like DeFiLlama and Lido.

These phishing ads have grown increasingly sophisticated, employing redirect techniques that mimic official and authentic domains. However, these seemingly legitimate links actually direct users to phishing websites. The blog post emphasizes, “Phishing scammers have employed these drainers through various methods, including phishing ads, supply chain attacks, Discord phishing, Twitter spam comments and mentions, Airdrop Phishing, SimSwap attacks, DNS attacks, email phishing, etc., consistently targeting regular users with phishing attacks and resulting in significant asset losses.”
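A defender reviewing ads can compare the domain an ad displays with the host its redirect chain actually ends on. The following is an added example, not code from Scam Sniffer or the original article; the `.example` domains, the allowlist and the two-label "registrable domain" rule are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for the official sites an ad claims to lead to (assumption).
OFFICIAL = {"defillama.example", "lido.example"}

def host_of(url):
    """Lower-cased hostname in IDNA (punycode) form, trailing dot removed."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host

def site_of(host):
    """Naive registrable domain: the last two labels (assumption; a real
    deployment would consult the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ad(display_url, redirect_chain):
    """Return findings for one ad: shown domain versus where the redirects end."""
    shown = site_of(host_of(display_url))
    landed_host = host_of(redirect_chain[-1] if redirect_chain else display_url)
    landed = site_of(landed_host)
    findings = []
    if landed != shown:
        findings.append("landing-domain-mismatch")
    if landed not in OFFICIAL:
        if any(label.startswith("xn--") for label in landed_host.split(".")):
            findings.append("punycode-host")
        if any(0 < edit_distance(landed, o) <= 2 for o in OFFICIAL):
            findings.append("lookalike-of-official")
    return findings

# Constructed sample: the ad shows an official-looking domain, the chain ends elsewhere.
SAMPLE_CHAIN = ["https://ads.tracker.example/click?id=1", "https://defi1lama.example/claim"]

if __name__ == "__main__":
    print(check_ad("https://defillama.example/", SAMPLE_CHAIN))
```

An ad whose chain passes through a tracker but lands on a subdomain of the displayed site returns no findings, so ordinary click tracking does not trigger the check.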

What makes scammers favor this wallet drainer?

In contrast to other wallet drainers, this one doesn’t impose a 20% fee on the scammers’ earnings. Instead, the developers of this malware sell the source code for a fixed amount, offering additional value-added modules as optional add-ons. The report states, “By focusing on particular audiences using Google search terms and the X user base, they can pinpoint specific targets and initiate ongoing phishing campaigns at a minimal cost.”

By admins
