4 hours ago
1
One DeFi user lost over $1.23 million after falling victim to a scam that utilizes Google Ads to promote fraudulent websites.
Crypto scams are becoming increasingly rampant, and major platforms appear to be doing insufficiently to prevent them. On Monday, July 21, one DeFi user lost over $1.23 million in Uniswap NFTs after signing a malicious transaction on a phishing website. What is worse, scam sites like these are rampant on the Google Ads platform.
According to Scam Sniffer, the user in question accessed a phishing website meant to look the same as the Uniswap platform. Once there, they signed a malicious transaction which included a line that automatically approves all further transfers. After that, the attackers were able to access all NFTs on Uniswap V3 and transfer them to their wallets.
Phishing sites rampant on Google Ads
While Scam Sniffer did not confirm the domain used in the attack, phishing sites like these are rampant online. Notably, attackers use Punycode URLs, which use the Cyrillic alphabet to make the URL appear almost identical to a legitimate one.
For the scam to work, users don’t have to share their private wallet keys with the attackers. Instead, just signing a malicious smart contract is enough to authorize the attacker to gain access to all the assets on a user’s wallet.
Scammers then serve these URLs through direct messages and Google Ads. Notably, these ads appear as top results on Google for several major DeFi platforms. Google also profits from these types of scams, collecting revenue every time a user clicks on a malicious site.
Google page showing results for several popular crypto platforms, with phishing sites as top ad results | Source: XThe ubiquity of these scam sites on Google Ads suggests that the tech giant does not do adequate vetting when it comes to its advertisers.
English (US) · 