The Wallet Drainers malicious script used phishing campaigns in Google search results and Twitter ads, stealing millions of dollars from users.
According to Scam Sniffer, the malicious script stole nearly $59 million in digital assets from more than 63,000 victims over nine months. Over the past nine months, 10,072 websites have been linked to Wallet Drainers, with activity peaking in May, June and November.
Most of the ads were related to cryptocurrencies and NFT airdrops. Some also referenced popular blockchain projects, such as Ordinals Dogecoin (DOGE). The malicious ads used page-flipping tactics and regional targeting to bypass ad audits, complicating the review process. A test of ads in the X feed showed that nine were phishing ads, and over 60% used this wallet drainer.
“Phishing ads employ redirect tricks to appear legitimate, such as disguising links as official domains that actually lead to phishing sites.”
Scam Tracker Experts
Earlier this month, Ledger, a popular crypto hardware wallet maker, warned its customers about the dangers of using dapps. The reason was a supply chain attack that had been discovered.
The attackers injected malicious JavaScript code into the Ledger dApp Connect Kit library, which allows Web3 applications to interact with Ledger wallets. This code automatically stole cryptocurrencies and NFTs from accounts connected to the service.
According to Chainalysis, attacker activity is starting to increase: from May 2021 to December 2023, phishers stole $1 billion in cryptocurrency. In the initial stage, analysts identified at least 1,013 addresses involved in spear phishing. Phishing refers to a scam in which the criminal sends emails or SMS messages asking you to click on a link or log into your account.