Scammers have stolen over $4 million in crypto funds from users using deceitful websites they promoted through Google search ads, ScamSniffer reported on Thursday. Based on the number of affected users and the amount of money they spent to promote their malicious ads, scammers’ return on investment (ROI) was 276% over the past month.

How did Scammers Deceive the Users?

According to the Web3 anti-scam solution ScamSniffer, users have lost over $4 million after falling victim to crypto phishing websites promoted via Google.

In a Twitter thread posted on Thursday, ScamSniffer revealed that there had been a great number of malicious ad links to phishing websites on Google ad searches. These links lead users to fake websites, asking users to enter their login signature information, thus compromising their wallet addresses. Some of the most targeted crypto projects these ads target include popular decentralized finance (DeFi) protocols and brands such as Zapper.fi, Lido, Stargate, Defillama, and Radiant, among others.

“When you open a malicious advertisement from Zapper, you can see that it attempts to obtain authorization of my $SUDO by using a Permit signature. Currently, many wallets do not have clear risk warnings for this type of signature, and ordinary users may think it is a normal login signature and sign it without thinking twice.”

– ScamSniffer said in the official post.

ScamSniffer says that scammers have used several techniques to circumvent Google’s ad review process. These include anti-debugging techniques, parameter distinction, and methods to manipulate the Google Click ID parameter, allowing scammers to display a regular webpage during Google’s ad review process.

Scammers’ Return on Investment is 276%

Data analysis of addresses linked to fake websites advertised by scammers shows that around $4.16 million has been stolen from users over the past month. More than 3,000 users have been affected by the scams, according to ScamSniffer.

Based on an approximate conversion rate of 40% from 7,500 users clicking on the malicious ads, the money scammers spent to advertise the websites amounts to around $15,000. Since over $4 million was stolen, the scammers’ ROI has been around 276%.

Phishing attacks have been one of the popular techniques scammers use to steal crypto funds from users. The crypto space, particularly DeFi, remains one of the hackers’ favorite playgrounds, with over $3.7 billion stolen in 2022.

This article originally appeared on The Tokenist

Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.