Web3 anti-fraud platform Scam Sniffer released a report yesterday (21st) stating that a wallet hacker (Wallet Drainer) has stolen nearly $60 million from over 60,000 users in the past 9 months through phishing ads on Google search and the X platform.
Scam Sniffer, the Web3 anti-fraud platform, released an analysis of wallet hackers (Wallet Drainers) that steal user assets. The report states that over the past year, attackers have caused significant losses by distributing phishing ads and by using DNS attacks, emails, and other methods.
Among them, Scam Sniffer specifically pointed out one hacker who, solely through Google recommended ads and ads on the social platform X (formerly Twitter), has stolen nearly $60 million from 63,210 victims in the past 9 months alone.
Be cautious of Google and X ads
Scam Sniffer discovered this wallet hacker as early as March this year, and by the end of April it had captured evidence of the criminal activity in Google ads.
At the end of June, the security team ZachXBT shared with Scam Sniffer a set of phishing ads on the X platform called “Ordinals Bubbles”. Analysis showed that the attacker behind the phishing ads on X was the same one behind the Google ads mentioned above.
According to Scam Sniffer’s latest tests of ads on the X platform, almost all of the ads involve phishing scams. Of the 9 phishing ads sampled, 6 are related to this hacker, accounting for over 60%. An organized group is suspected to be behind them.
Largest victim loses over $24 million
Scam Sniffer points out that during the 9-month monitoring period, the more than 10,000 websites related to this wallet hacker saw their peak activity in May, June, and November. The largest victim, 0x13e382dfe53207e9ce2eeeeab330f69da2794179e, lost over $24 million, and the second largest victim, 0x5197da90fb01040a1896a92616ecdfb5765b1134, lost nearly $1.2 million.
Scam Sniffer also adds that hackers of this type often use geolocation and page-switching strategies to bypass ad platform audits, and use redirection to make themselves appear legitimate. For example, they disguise links so that they appear to be official domain names while actually leading to phishing websites, which makes users more likely to fall for them.
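The audit-evasion pattern described above can be checked from the defender's side by recording an ad's redirect chain from more than one location and comparing where each chain lands with the domain the ad displays. The following is an added example, not code from Scam Sniffer or the report; the function names, vantage labels and URLs are constructed for illustration and use reserved `.example` and `.invalid` names.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Hostname the browser will actually contact (userinfo and port dropped)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def same_site(host, display_domain):
    """True only for the advertised domain itself or a real subdomain of it."""
    domain = display_domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def audit_ad(display_domain, observations):
    """observations maps a vantage label to the redirect chain recorded there.
    Returns sorted (finding, vantage, landing_host) tuples."""
    findings = []
    landings = {}
    for vantage, chain in observations.items():
        if not chain:
            continue  # nothing recorded from this vantage
        landing = host_of(chain[-1])
        landings[vantage] = landing
        if not same_site(landing, display_domain):
            findings.append(("landing-mismatch", vantage, landing))
    if len(set(landings.values())) > 1:
        # Visitors in different places were served different landing pages.
        for vantage, landing in landings.items():
            findings.append(("differs-by-vantage", vantage, landing))
    return sorted(findings)

# Constructed sample data, not taken from the report.
DISPLAY_DOMAIN = "swap.example"
OBSERVATIONS = {
    "review-region": ["https://click.adnet.example/r?id=1",
                      "https://swap.example/"],
    "target-region": ["https://click.adnet.example/r?id=1",
                      "https://swap.example.claim-portal.invalid/connect"],
}

if __name__ == "__main__":
    for finding in audit_ad(DISPLAY_DOMAIN, OBSERVATIONS):
        print(finding)
```

The subdomain check is deliberately strict: a host that merely starts with or contains the official name does not count as the official site.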
It is worth noting that Scam Sniffer even found a forum post in which this hacker sells their services. Scam Sniffer stated that unlike other wallet hackers, who provide hosting services and charge a 20% service fee, this one openly sells their source code and additional value-added services.
Beware of phishing scams
Finally, Scam Sniffer points out that ads have become an important means for current online phishing scammers to steal user funds. Through Google search terms and the use of the X platform, hackers can accurately target specific audiences, enabling them to launch sustained online attacks at very low costs.
Because of this, users need to be particularly cautious of ads on major online platforms, including Google and X, and remain vigilant before signing any content to avoid financial losses.