Crypto News- In a recent revelation on X (previously Twitter), blockchain security firm Scam Sniffer exposed a highly sophisticated scam orchestrated through a malicious tool named “MS Drainer” scammers, resulting in the unlawful siphoning of approximately $59 million in cryptocurrency over the past nine months. The scammers employed cunning tactics, utilizing Google Ads to target unsuspecting victims with forged replicas of popular crypto platforms, including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radient, as meticulously outlined in the report.
Crypto Heist: MS Drainer Scammers Swipe 59M Dollars via Google Ads
Wallet drainers, a category of blockchain protocol, empowered the scammers to clandestinely transfer crypto assets from victims to attackers without their knowledge, often exploiting vulnerabilities in the token approval process. Typically, developers demanded a percentage of the ill-gotten gains in exchange for granting access to their drainer software, and this fee was enforced through smart contracts, rendering evasion virtually impossible.
The MS Drainer saga unfolded in March when Scam Sniffer initially detected its nefarious activities. The investigation was subsequently bolstered by the collaboration of the SlowMist security platform team, and in June, on-chain investigator ZachXBT unearthed evidence linking the drainer to a phishing scam named “Ordinal Bubbles.” Notably, the investigators pinpointed nine distinct phishing ads on Google, with a substantial 60% utilizing the malevolent MS Drainer.
Despite Google’s robust auditing systems designed to thwart phishing scam ads, the scammers ingeniously deployed “regional targeting and page-switching tactics” to elude ad audits, complicating the review process and enabling their ads to slip through Google’s quality control systems.
Another cunning ploy employed by the scammers involved web redirects, misleading Google users into believing that the provided links led to legitimate websites. For instance, the sham site cbridge.ceiler.network, deliberately misspelling “Celer,” masqueraded as the authentic URL cbridge.celer.network. Despite the correct spelling being displayed in the ad, unsuspecting users were redirected to the misspelled scam site.
Web3 Crypto Scam Unveiled: 59 Million Dollars Heist Using ‘MS Drainer
Scam Sniffer disclosed the staggering revelation of 10,072 counterfeit sites utilizing MS Drainer, with its peak activity observed in November and subsequently tapering off. According to insights from a Dune Analytics dashboard monitoring its operations, the drainer successfully drained a colossal $58.98 million worth of crypto from more than 63,000 victims.
Further scrutiny into the matter unveiled an unconventional marketing strategy employed by the MS Drainer developer. In a departure from the norm where most wallet drainers charge a percentage of scammers’ profits, MS Drainer was discreetly peddled on forums for a flat fee of $1,499.99. Additional features, termed “modules,” were available at varying price points such as $699.99, $999.99, or similar sums, catering to the diverse needs of potential scammers.
The pervasive issue of wallet drainers continues to plague the Web3 ecosystem. Notably, on November 26, the developer of the “Inferno” drainer declared retirement after successfully pilfering over $80 million, and in March, the developer of “Monkey Drainer” announced retirement following the successful embezzlement of an estimated $13 million.
Leave a comment