MS Drainer Scam Leverages Google Ads, Swipes $59M in Crypto Over Nine Months
Summary:
Scammers used a service called "MS Drainer" to steal approximately $59 million in cryptocurrencies from victims over the last nine months, according to blockchain security platform Scam Sniffer. The fraudsters used Google Ads to lure victims to counterfeit versions of well-known crypto sites. The criminal activity peaked in November before dropping significantly. The scammers evaded Google's ad audits and quality control measures by using regional targeting and page-switching tactics. The report also uncovered the developer's unusual marketing strategy of offering the drainer software for a flat rate, unlike typical wallet drainers, which operate on a percentage fee model.
Over the past nine months, fraudsters using a malicious service called "MS Drainer" have stolen an estimated $59 million in cryptocurrencies from unsuspecting victims, according to a Dec. 21 post on X (previously known as Twitter) by the blockchain security firm Scam Sniffer. The report said the fraudsters used Google Ads to lure victims to counterfeit versions of well-known crypto platforms, including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.
A "wallet drainer" is a blockchain protocol that enables fraudsters to move crypto holdings from a victim to themselves without the victim's consent, often by taking advantage of the token approval procedure. The creators of such software typically take a cut of the resulting profit as a fee for its use. This fee is enforced through smart contracts, making it unavoidable.
Scam Sniffer first detected MS Drainer in March. At that time, the Slowmist security platform team joined the investigation. Later, in June, the crypto sleuth ZachXBT discovered a scam called "Ordinal Bubbles" that was associated with the drainer. During this investigation, nine different deceptive ads on Google were discovered, 60% of which used the malicious software.
Organizations like Google maintain auditing mechanisms to keep fraudulent ads from being published. In this case, however, Scam Sniffer found that the fraudsters used regional targeting and page-switching tactics to evade ad audits, confusing the review process and allowing their ads to bypass Google's standard control systems.
The fraudsters also used web redirects to trick Google users into believing that they had been sent to an official website. For instance, the scam website cbridge.ceiler.network misspelled the name "Celer" and was masked as the correct URL, cbridge.celer.network. Although the ad displayed the correct spelling, users who clicked it were redirected to the misspelled site.
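A defender-side check for the redirect described above, as an added example that is not from Scam Sniffer's report or the original article: it compares the host an ad displays with the host the click actually lands on and flags near-miss spellings of a trusted host. The allowlist, the function names and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the legitimate host named in the article.
TRUSTED_HOSTS = {"cbridge.celer.network"}


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def host_of(url):
    """Lower-cased hostname of a URL; also accepts a bare host such as ad display text."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".")


def classify_landing(displayed_url, landing_url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Classify where a click ended up relative to what the ad displayed."""
    shown, landed = host_of(displayed_url), host_of(landing_url)
    if landed in trusted:
        return "trusted"
    # A host within a couple of edits of a trusted one is a likely typosquat.
    near = [t for t in trusted if 0 < edit_distance(landed, t) <= max_distance]
    if near:
        return "lookalike:" + min(near)
    # Not a near-miss, but the ad showed one host and delivered another.
    if shown != landed:
        return "display-mismatch"
    return "unknown"


if __name__ == "__main__":
    # The pair from the article: the ad shows the real host, the click lands on the typo.
    print(classify_landing("cbridge.celer.network", "https://cbridge.ceiler.network/"))
```

Edit distance only catches small spelling changes; it does not cover Unicode homoglyphs or unrelated domains, so an exact allowlist match remains the only positive signal.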
On further investigation, the security firm detected 10,072 counterfeit websites using MS Drainer. The drainer's activity peaked in November before falling to nearly zero. Throughout its operation, the drainer stole $58.98 million worth of cryptocurrencies from over 63,000 victims, according to a tracker on a Dune Analytics dashboard.
The inquiry also revealed the unusual marketing tactic adopted by the developer of MS Drainer. Unlike other wallet drainers, which operate on a percentage fee model, the MS Drainer software was sold on forums for a flat rate of $1,499.99. Any additional features required by fraudsters were made available via separate "modules" costing $699.99, $999.99, or equivalent amounts.
Wallet drainers have emerged as a significant concern in the Web3 environment. One example is the "Inferno" drainer, whose developer claimed to be retiring it after stealing more than $80 million from victims. A similar retirement announcement was made earlier, in March, by the developer of "Monkey Drainer", which had stolen about $13 million by then.
Published At
12/22/2023 12:40:00 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.