Scammers Make Off With $500,000 in Phished Crypto

Scammers netted about $500,000 in cryptocurrency in a new type of phishing campaign, according to Check Point Research. Instead of using phony emails to lure in unsuspecting individuals, the scammers bought Google Adas placements and used them to advertise fake websites meant to look like well-known wallets such as Phantom App and Meta Mask.

Check Point Research demonstrated in its report how the scammers would change the URL's spelling, but keep the rest of the wallets' information the same. A Google search for Phantom would bring up the genuine phantom.app, but would also bring up the fraudulent phanton.app, for instance. Everything about the Google result would look identical to the real deal except for the URL and it would be listed higher, too, as Ads appear first on the search page.

From there, the phishing operated as it would in a more traditional email context. Users could type in their passphrase for the genuine wallet on the phony website, handing their credentials directly to scammers. If they were to create a new wallet, they'd be given the scammers' secret recovery phrase, then use that to log into the false account, transferring funds to a bad actor in the process. The MetaMask dupe even gave users the option to import existing wallets.

Check Point Research cross-referenced Reddit and determined that $500000 was stolen last weekend alone. The company also found 11 compromised wallet accounts containing cryptocurrency worth $1,000 to $10,000.

The group advises users not to click on Google ads and to double check all URLs before entering credentials into a wallet.