‘MS Drainer’ Fraudsters Used Google Ads To Skim $59M In Crypto: Report



Fraudsters have used a wallet draining service called “MS Drainer” to steal nearly $59 million from victims over the past nine months, according to a Dec. 21 report posted on X (formerly Twitter) by blockchain security platform Scam Sniffer. The scammers used Google Ads to target users of popular crypto websites including Zapper, Lido, Stargate, DefiLlama, Orbiter Financial and Radiant.

Wallet drainers are blockchain protocols that allow fraudsters to transfer crypto from a victim to the attacker without the victim's consent, usually by abusing the token approval process. Drainer developers often charge a percentage of the profits for use of their drainer software, and this fee is enforced by smart contracts, making it impossible to avoid.


Scam Sniffer first became aware of MS Drainer in March. At the time, the SlowMist security platform team assisted with the investigation. In June, on-chain sleuth ZachXBT provided further evidence, exposing a phishing scam called “Ordinal Bubbles” linked to the drainer. The investigators found nine different phishing ads on Google, 60% of which used malware.


Under normal circumstances, Google uses auditing systems to prevent the posting of phishing ads. However, Scam Sniffer said the fraudsters used “regional targeting and page redirection tactics” to bypass ad audits, complicate the review process, and get their ads through Google's quality control systems.

The fraudsters used web redirection to trick Google users into believing that the links led to official websites. For example, the spoof site cbridge.ceiler.network, which contains a misspelling of the word “Celer”, was displayed as the correct URL: cbridge.celer.network. Although the correct spelling appeared in the ad, the link redirected the user to the misspelled scam site.

An example of the MS Drainer scam redirect. Source: Scam Sniffer
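A check a defender could run on ads that show an official hostname, added here as an illustration and not taken from Scam Sniffer's report: it compares the host shown in the ad with the host where the click chain actually ends, and flags landing hosts that sit within a small edit distance of an official one. The allowlist, function names, redirect URL and distance threshold are assumptions; only the two cbridge hostnames come from the article.

```python
from urllib.parse import urlsplit

# Assumed allowlist; only cbridge.celer.network is taken from the article.
OFFICIAL_HOSTS = {"cbridge.celer.network"}

def host_of(url):
    """Lower-cased hostname of a URL; a bare host is accepted too."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ad(display_url, redirect_chain, max_distance=2):
    """Judge an ad by its landing host, not by the URL text it displays.

    redirect_chain lists the URLs visited after the click; the last is the landing page.
    """
    shown, landing = host_of(display_url), host_of(redirect_chain[-1])
    if landing in OFFICIAL_HOSTS:
        return {"verdict": "ok", "shown": shown, "landing": landing}
    nearest = min(OFFICIAL_HOSTS, key=lambda h: edit_distance(landing, h))
    dist = edit_distance(landing, nearest)
    if dist <= max_distance:
        verdict = "lookalike"          # near-miss spelling of an official host
    elif shown in OFFICIAL_HOSTS:
        verdict = "display-mismatch"   # ad shows an official host, lands elsewhere
    else:
        verdict = "unknown"
    return {"verdict": verdict, "shown": shown, "landing": landing,
            "nearest_official": nearest, "distance": dist}

if __name__ == "__main__":
    # Constructed click chain; the intermediate redirector URL is a placeholder.
    chain = ["https://redirector.example/click?id=1", "https://cbridge.ceiler.network/"]
    print(check_ad("cbridge.celer.network", chain))
```

Because the report describes regional targeting, the redirect chain should be captured from the same region as the affected users, or the landing page seen by the check may differ from the one they reach.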

Scam Sniffer reported finding 10,072 fake sites that used MS Drainer. The drainer's activity reached a peak in November and did not approach zero thereafter. According to a Dune Analytics dashboard designed to track the drainer, it has taken $58.98 million from more than 63,000 victims during its operation.

Further investigation revealed that the developer of MS Drainer used an unusual marketing strategy. While most wallet drainers charge a percentage of the scammer's profits, this one was sold on the forums for a flat fee of $1,499.99. If the scammer wanted more features, the developer offered additional “modules” for $699.99, $999.99, or similar sums.

MS Drainer ad. Source: Scam Sniffer

Wallet drainers have become a major problem in the Web3 ecosystem. On Nov. 26, the developer of the “Inferno” drainer said he was retiring after successfully stealing more than $80 million from victims over the software's lifetime. In March, the developer of “Monkey Drainer” made a similar retirement announcement after successfully stealing up to $13 million.


