Cyber Security News

Hackers Stolen Over $58 Million in Crypto Via Malicious Google and X Ads

Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time.

Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. 

Several techniques were used for draining, which include phishing ads, supply chain attacks, Airdrop phishing, DNS attacks, and many others. These attacks result in much loss for victims due to crypto wallet stealing. 

However, one wallet drainer has been used predominantly in over 60% of the phishing ads used by threat actors.

Google Search & Twitter (X) Ad Phishing

According to the reports shared with Cyber Security News, 10,072 phishing sites account for $58.98 million in crypto wallets draining from 63,210 victims. This particular wallet drainer was first detected in March and again at the end of April.

Source: ScamSniffer

As for Google Ad phishing, many campaigns were spotted that were related to Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. As of Twitter, the phishing ads were called “Ordinal Bubbles,” and all of them were using the same drainer.

Twitter ads (Source: ScamSniffer)

Ad Audit Bypass

To bypass the ad audits of these campaigns, threat actors have been using many methods, such as targeting specific regions, which will display the phishing page only to people from a specific region.

The page that can be seen when opening the link directly will be different from the one that is opened from the ad link.

In addition, redirect deception was also used in which the ad appears to be from the official domain, but the final redirected site is the phishing site.

The biggest victim of these phishing campaigns was a wallet address 0x13e382dfe53207e9ce2eeeab330f69da2794179e, which lost $24 million in September.

Drainer Analysis

The drainer, used in 60% of the phishing campaigns, was sold in a forum and is fully managed with a charge fee of 20%.

The sellers of this drainer share the source code and additional value-added modules to the drainer. 

Several features, such as adding a malicious signature for blur for phishing, will cost more and must be purchased from them. The developer of this drainer has been changed from pakulichev to Phishlab.

Furthermore, a complete report about these phishing campaigns and wallet drainers has been published, providing detailed information about the threat actors, the wallet drainers, and others.

It is recommended that users be extra cautious when viewing ads and be vigilant before entering their wallet details on a website.


Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost…

1 day ago

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…

3 days ago

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…

3 days ago

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…

3 days ago

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…

3 days ago

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…

3 days ago