The latest reports revealed that cryptocurrency scammers managed to steal more than $400,000 from DeFi investors through fake Google Ads leading to fraudulent copies of popular Uniswap websites.
With the increasing adoption of decentralized finance, more hackers and scammers turn to the internet for launching crypto-related attacks, including those based on paid search ads promoting malicious protocols or websites. In many cases, attackers purchase paid ads targeting victims who want to invest money in a promising DeFi project, but end up losing all their funds due to scams.
How the Fake Google Ads Crypto Scam Was Done
It looks like the cybercriminals behind the recent attack tried using two different approaches to fool DeFi users into connecting their crypto wallets to malicious websites. On one hand, the attackers could have purchased sponsored search ads pointing to scam websites that imitate actual Uniswap sites. On the other hand, scammers could have utilized their compromised search ads’ accounts to push fraudulent links higher up in the search results. Both these approaches are very effective in terms of making fake pages look legitimate and convincing potential victims to connect their crypto wallets and approve malicious transactions or signatures.
DeFi Victims Are Easy Targets for Cybercriminals
As it was reported recently, self-custody crypto users remain prime targets for cyberattacks. Transactions made by such users cannot be reversed and, therefore, attackers do not face any problems draining their accounts as soon as they obtain malicious signatures from the victim.
How Crypto Users Can Protect Themselves Against Phishing Attacks
There are several things that DeFi investors should do in order to minimize the risks of falling prey to various types of crypto scams:
- Avoid sponsored search ads promoting DeFi websites and services.
- Save links to legitimate platforms as favorites or bookmarks, instead of looking for them every time.
- Make sure the URL corresponds to an official platform.
- Do not rush into approving any crypto transaction and check permissions required by each operation carefully.
Why It Is Important
As the example above shows, even legitimate platforms can fall victim to cyberattacks. By compromising advertising accounts, scammers can launch successful phishing attacks and get millions of dollars from unsuspecting crypto investors.
