{"id":77965,"date":"2023-04-27T16:38:34","date_gmt":"2023-04-27T13:38:34","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=77965"},"modified":"2025-09-11T02:15:53","modified_gmt":"2025-09-10T23:15:53","slug":"phishing-ads-for-lido-defillama-and-zapper-led-to-theft-of-over-4-million","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/phishing-ads-for-lido-defillama-and-zapper-led-to-theft-of-over-4-million\/","title":{"rendered":"Phishing ads for Lido, DefiLlama and Zapper led to theft of over $4 million"},"content":{"rendered":"<p>Unknown attackers launched phishing ads for cryptocurrency projects in Google search, through which <a href=\"https:\/\/dune.com\/scamsniffer\/google-search-ads-phishing-stats\">\u043f\u043e\u0445\u0438\u0442\u0438\u043b\u0438 $4,16 \u043c\u043b\u043d<\/a>. This drew the attention of a Twitter user going by the handle Scam Sniffer.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ ? A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.<br \/>ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.<a href=\"https:\/\/twitter.com\/hashtag\/PhishingScams?src=hash&#038;ref_src=twsrc%5Etfw\">#PhishingScams<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/GoogleAds?src=hash&#038;ref_src=twsrc%5Etfw\">#GoogleAds<\/a> <a href=\"https:\/\/t.co\/vuKCgSuFnV\">pic.twitter.com\/vuKCgSuFnV<\/a><\/p>\n<p>\u2014 Scam Sniffer (@realScamSniffer) <a href=\"https:\/\/twitter.com\/realScamSniffer\/status\/1651452380385509377?ref_src=twsrc%5Etfw\">April 27, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Scam Sniffer, attackers mask malicious links as legitimate sites of various projects such as Lido, DefiLlama, Zapper, Stargate, Orbiter Finance and Radiant.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">2\/ ?\ufe0f\u200d\u2642\ufe0f Investigation into the keywords used by victims has uncovered numerous malicious ads at the forefront of search results.<br \/>Most users, unaware of the deceptive nature of search ads, click on the first available option, leading them to malicious websites. <a href=\"https:\/\/twitter.com\/hashtag\/Cybersecurity?src=hash&#038;ref_src=twsrc%5Etfw\">#Cybersecurity<\/a> <a href=\"https:\/\/t.co\/kKtomcn3SB\">pic.twitter.com\/kKtomcn3SB<\/a><\/p>\n<p>\u2014 Scam Sniffer (@realScamSniffer) <a href=\"https:\/\/twitter.com\/realScamSniffer\/status\/1651452383866818560?ref_src=twsrc%5Etfw\">April 27, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>After following the link, the site requests a wallet digital signature allegedly for authorization. In reality, this gives attackers access to the user&#8217;s funds.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"582\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/640-1024x582.png\" alt=\"640\" class=\"wp-image-205603\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/640-1024x582.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/640-300x171.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/640-768x437.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/640.png 1080w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>\u0414\u0430\u043d\u043d\u044b\u0435: Scam Sniffer.<\/figcaption><\/figure>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abMany wallets lack clear warnings about the risks of this type of signing. Users may think it is a routine login procedure and sign it,\u00bb explains Scam Sniffer.<\/p>\n<\/blockquote>\n<p>Analysts identified advertisers \u2014 ROMUS-POLIGRAF LLC (Ukraine) and TRACY ANN MCLEISH (Canada). The total value of the ads they ran is about $15,000.<\/p>\n<p>The attackers&#8217; activity peaked last month. By the time of writing, nearly 3,200 users had fallen victim to fraudulent sites, with losses totaling $4.16 million.<\/p>\n<p>Part of the proceeds from the largest addresses were sent to SimpleSwap and <a href=\"https:\/\/u1f987.com\/en\/news\/what-is-the-tornado-cash-mixer-and-why-was-it-sanctioned\">the Tornado Cash mixer<\/a>. Direct transfers to KuCoin, Binance and other exchanges were also recorded.<\/p>\n<p>According to Scam Sniffer, the attackers managed to bypass Google&#8217;s ad review by exploiting differences in domain-name parameters and by preventing page-cache debugging.<\/p>\n<p>In October 2022, <a href=\"https:\/\/u1f987.com\/en\/news\/binance-chief-warns-that-google-search-results-promote-phishing-sites\">reported<\/a> that Google search results promoted crypto-targeted phishing sites, according to Binance CEO Changpeng Zhao.<\/p>\n<p>In February, hackers stole <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-steal-300000-via-phishing-site-of-a-well-known-ethereum-conference\">$300,000<\/a> through a phishing site linked to a well-known Ethereum conference.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unknown attackers launched phishing ads for cryptocurrency projects in Google search, through which $4.16 million was stolen.<\/p>\n","protected":false},"author":1,"featured_media":77966,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1093,1246],"class_list":["post-77965","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-defi","tag-scammers"],"aioseo_notices":[],"amp_enabled":true,"views":"41","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=77965"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77965\/revisions"}],"predecessor-version":[{"id":77967,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/77965\/revisions\/77967"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/77966"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=77965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=77965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=77965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}