The fraudulent campaigns used Google to rank fake websites and have stolen at least half a million dollars from cryptocurrency users.
Users of digital wallets Metamask and Phantom They are the target of a massive new wave of phishing attacks that has stolen at least $ 500,000 worth of cryptocurrencies.
A recent investigation of Check Point Research (CPR) warned about a “massive search engine phishing campaign”Which has caused losses of almost half a million dollars to cryptocurrency users.
According to CPR, in the last few days “multiple events”In which hundreds of cryptocurrency users have had their funds stolen while trying to download and install well-known wallets, such as Metamask or Phantom. Users of popular decentralized exchange (DEX) platforms such as PancakeSwap or Uniswap, have also been victims of the attacks.
Over the past weekend, Check Point Research found hundreds of incidents where crypto investors lost their money trying to download and install known or exchange your coins on crypto exchange platforms like PancakeSwap or
Fraudulent website ads on Google
According to research, fraudulent campaigns they used search engine ads – like Google – to target digital wallet users. They then employed fake URLs and websites to allow scammers to steal wallet passwords and access cryptocurrency funds stored in those wallets, CPR said.
It should be noted that in phishing attacks, cyber attackers pose as a trusted person, company, website or application to steal funds.
In the particular case of the campaign that alerted CPR, the hackers mimicked the wallet platforms of Metamask and Phantom, as well as the websites of PancakeSwap and
Over the past weekend, CPR researchers spotted several phishing websites that looked like the original website, because the scammers copied its design.
“I just installed the ghost wallet and somehow ended up downloading the scamSaid one Reddit user citing the research, adding: “I’m something new in wallets“.
Beware of weird URLs
The report also gave an example how cyber scammers used a Google ad campaign to steal users’ private keys and access their wallets MetaMask. The private key, which acts as a sort of master key to access funds from an address, allowed attackers to steal the funds.
To carry out these attacks, malicious users applied the same tactic with MetaMask. They used domains with names very similar to the legitimate one, such as “MètaMask“Or”metamas.top“, And they advertised the fraudulent websites on popular search engines like Google. That way, when people searched for keywords on the Internet, the first thing that came up was ads from fraudulent websites.
The team of Check Point Research highlighted that this type of phishing attack was more elaborate than usual, precisely because of the tactics used by hackers who took advantage of search engines such as Google to position their scams.
What makes this phishing campaign unique is the fact that scammers don’t send phishing links via email like traditional phishing scams. Instead, they are using Google ad campaigns to make their phishing websites appear before the original site when someone searches for the keyword.
To protect yourself from potential phishing attacks like this one, CPR recommended to cryptocurrency users that “refrain from clicking on ads and only use direct and well-known URLs“.
Hannah Estefanía Pérez’s version / DailyBitcoin
Image from Unsplash