Web 3.0 phishing scammers stole $3 million on Christmas

Web 3.0 criminals have managed to steal approximately $3 million worth of cryptocurrencies within a span of 24 hours on December 25, using Google Ads to promote fraudulent websites with wallet-draining software.

A tool named MS Drainer was used by scammers to abscond with $59 million in cryptocurrency throughout 2023. Scam Sniffer, a Web 3.0 security research organisation, has identified a pattern where scammers exploit Google Ads to lure unsuspecting users into phishing websites of prominent Web 3.0 platforms. The websites including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radient were duplicated to conduct the scam.

Scam Sniffer noted a surge in new instances of phishing websites linked to the same malevolent actors within their scam repository. The firm confirmed that the $3 million loss was incurred through a combination of WBTC, aPolUSDT, aUSDC, and USDT, as evidenced by shared screenshots.

The recent wave of phishing attacks serves as a stark reminder for participants in the cryptocurrency world to exercise heightened vigilance. Users are urged to meticulously authenticate the legitimacy of websites and transactions facilitated through their Web3 wallets.

According to a study by AAG IT services, 3.4 billion spam emails are sent every day to users around the world. More than 55 per cent of phishing websites use targeted brand names to capture sensitive information with ease, according to the F5 Labs Phishing and Fraud Report of 2020.  Studies suggest that stolen credentials are the most common cause of data breaches.