EXECUTIVE SUMMARY:

Is your cryptocurrency wallet safe? In recent weeks, scammers have siphoned off more than half a million dollars from crypto wallets. That’s enough to buy hackers quite a few new cars, vacations or opportunities to invest in new business ventures.

Eleven of these wallets contained sums between $1,000 and $10,000, which have disappeared altogether. Scammers withdrew funds before researchers could observe the issue or assist with mitigation.

Google Ads, scams, and hacking operations

According to Check Point Research, scammers now bid on keywords within Google Ads. Once ads are launched, scammers intend for victims to click on malicious links. The links direct victims to malicious web pages, which are designed to collect passwords to cryptocurrency wallets. Once scammers have a cryptocurrency wallet password, they can easily steal anything inside of the wallet itself.

Says Google, “This behavior directly violates our policies and we immediately suspended these accounts and removed the ads. This appears to be a malicious actor looking for ways to evade our detection. We are always adjusting our enforcement mechanisms to prevent these abuses.”

How the scam works

Two of the most popular cryptocurrency wallets for Ethereum and Solana, respectively, are known as MetaMask and Phantom. The scam worked because scammers made phony links to at least one of the crypto wallet sites, Phantom, easily accessible on Google. Phantom’s official wallet is phantom.app. However, fraudulent sites included phanton.app, phantonn.app and phantom.pw.

When site users attempt to create a new wallet, the fraudulent sites will automatically generate a recovery phrase. However, this phrase actually becomes a tool that scammers can leverage. Eventually, users are directed towards the authentic Phantom site. Scammers have also found a means of attacking existing cryptocurrency wallets and any resources therein.

Cyber security experts recommend that individuals carefully check URLs of cryptocurrency wallet sites. In general, it’s a good practice to check URLs.
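The fraudulent domains named above differ from phantom.app by one or two characters, or only by the top-level domain. The following Python check is an added example, not code from Check Point's research or from this article: it compares a URL against an allowlist of official wallet domains and flags near-misses. The function names, the allowlist and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Official domain taken from the article; extend the set for other wallets.
OFFICIAL = {"phantom.app"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels. Assumption: single-label TLDs such as .app and .pw;
    multi-part suffixes (co.uk) would need the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL:
        return "official"
    name, _, tld = domain.rpartition(".")
    for good in OFFICIAL:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "lookalike"      # same name, different TLD (phantom.pw)
        if 0 < edit_distance(domain, good) <= max_distance:
            return "lookalike"      # typo of the official domain (phanton.app)
    return "unrelated"

if __name__ == "__main__":
    for candidate in ["https://phantom.app/download", "phanton.app",
                      "phantonn.app", "phantom.pw", "example.org"]:
        print(f"{candidate:32} {classify(candidate)}")
```

Because only the registrable domain is compared, a host such as phantom.app.evil.example is never reported as official.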

Experts on the Google Ads scams

Experts indicate that a number of Reddit and Twitter users complained about hacks via malicious Google Ad links, which helped to alert researchers to the issue. One Redditor said, “Hey I just installed the phantom wallet and somehow I ended up downloading the scam…”

“I believe we’re at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” says Check Point Software’s Head of Products Vulnerabilities Research, Oded Vanunu.

Avoiding Google Ads scams

Watch out for Google Ads that imitate actual ads and ensure that you check URLs ahead of clicking on links. Even the most seasoned of cyber security professionals can fall victim to new phishing traps. In addition, be sure to:

  • Look for an extension icon in the browser URL area.
  • Avoid distributing your passwords or passphrases.
  • Skip the ads. If searching for a specific URL, look for the regular blue website link.

Read a full research report on the Google Ads phishing campaign here. Or, see a more in-depth and non-technical article on the topic here.