- MS Drainer, a new wallet-draining tool, used Google Ads and X (formerly Twitter) to lure victims to phishing websites.
- This tool has been used to steal $59 million from 63,000 victims in 9 months.
- Using this tool, scammers mimicked URLs of platforms like Lido and DefiLlama to trick users into clicking phishing links.
- The scam thrived in November but sharply declined, likely due to increased vigilance and blacklisting.
Crypto scams continue to pop up every day, some of them more sophisticated and lucrative than others.
This year, billions of dollars have been stolen from victims, and according to a new report, the latest kind of scam in town is “wallet drainers”.
Wallet drainers are malicious programs that allow attackers to steal crypto from unsuspecting users without their knowledge. One of the most notorious wallet drainers in recent history is MS Drainer.
According to a recent report from Scam Sniffer, this wallet drainer has been used to steal about $59 million in crypto from over 63,000 victims in nine months, using Google Ads as a key weapon.
Google Ads – A $59 Million Hack
MS Drainer used to be a wallet drainer service that was sold via forums on the dark net for about $1,500 with additional modules for extra features.
Upon buying this software, scammers had a ready-made wallet drainer program and a dashboard to monitor their profits and victims. The service also offered support and updates, as well as tips on how to stay anonymous and steal more.
According to this report from Scam Sniffer, one of the main methods that MS Drainer used to lure victims was Google Ads and X (formerly Twitter).
Scam Sniffer notes that these MS Drainer scammers went as far as creating fake ads with URLs similar to those of legitimate crypto sites like Lido, Stargate, DefiLlama, Orbiter Finance and Radiant.
When the victims searched for these services or crypto-related terms on Google, the fake sites popped up instead of the real ones.
For example, the scam site for Radiant was “radiantcapital.info”, instead of radiant.capital.
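A defender-side check for the lookalike domains described above, as an added example that is not part of the original article or of Scam Sniffer's report. Only `radiant.capital` and `radiantcapital.info` come from the article; the other official domains, the function names and the remaining test hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# radiant.capital is the official domain named in the article; lido.fi and
# defillama.com are assumed here for illustration.
OFFICIAL_DOMAINS = ("radiant.capital", "lido.fi", "defillama.com")

def hostname(url):
    """Extract the lowercase host from a URL or a bare domain."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(host):
    """Drop dots and hyphens so 'radiant.capital' becomes 'radiantcapital'."""
    return "".join(ch for ch in host if ch.isalnum())

def classify(url):
    """Return (verdict, matched official domain or None) for a clicked URL."""
    host = hostname(url)
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return ("official", official)
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]
        # Official name with its separators moved, parked under another TLD.
        if skeleton(official) in skeleton(host):
            return ("lookalike", official)
        # Brand reused as a label, or a one-character typo of it (heuristic:
        # short brands can produce false positives).
        for label in host.replace("-", ".").split("."):
            if len(brand) >= 4 and edit_distance(label, brand) <= 1:
                return ("lookalike", official)
    return ("unrelated", None)
```

A wallet extension or link-checking proxy could run `classify` on the destination of an ad click, after redirects are followed, and warn on any `lookalike` verdict before the user connects a wallet.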
The phishing sites also used web redirects to fool Google users into thinking they were on the official sites. When the user clicked on something on the Google ad, they were redirected to the phishing site and would be none the wiser.
Once on the phishing website, users were prompted to connect their wallet and “approve token access”. This triggered the wallet drainer, which would silently scrape off all of their crypto and transfer it to the scammer’s wallet.
This Has Been Going On for Almost a Year
According to Scam Sniffer’s report, the wallet drainer service was active from March to December 2023 and drained $58.98 million worth of crypto from over 63,000 victims.
Scam Sniffer also highlighted more than 10,000 fake websites that used MS Drainer. Even more surprising, Scam Sniffer noted that about 60% of the phishing ads on X used the malicious program.
The activities of these scammers peaked around November (right in the heat of the crypto market’s rally), and have since declined to near zero.
There are currently no explanations for this decline in MS Drainer activity, but a likely cause may be that investors are becoming more vigilant.
Some of the scammers’ addresses have also been blacklisted by some crypto platforms, such as Zapper and Lido, making these addresses useless to the hackers.
So far, MS Drainer is not the only wallet drainer service that has plagued the Web3 ecosystem.
In November, the developer of Inferno, another wallet drainer that stole more than $80 million from victims, announced on Telegram that they were retiring the service and donating some of the proceeds to charity.