The crypto sector, which currently holds a market cap of $1.66 trillion (roughly Rs. 138,06,635 crore), is no new hotspot for cyber criminals. With new tools and applications, cyber actors often find their way into crypto protocols to steal digital assets. One of the latest tools being used by these hackers is called the ‘drainer’. Recent reports from research platforms have shown that these drainers are being promoted via advertisements on Google and X.
Over ten thousand phishing websites have been identified as using the ‘MS Drainer’, many of which are surfacing as ads on Google and X, said a report by Bleeping Computer.
Using this drainer, crypto hackers have reportedly robbed 63,210 victims so far and have got away with $59 million (roughly Rs. 490 crores) in stolen funds between March and November this year.
What is a ‘Drainer’?
A drainer is essentially a smart contract written with malicious code to target crypto protocols. A complete suite designed for phishing, these drainer tools can help their deployers gain covert access to the target’s crypto wallet.
These drainers are embedded in phishing websites that appear to be legitimate. Once unsuspecting crypto community members click on these phishing websites, the drainers can enter crypto wallets linked to the victim’s identity.
This lets the hacker process unauthorised transactions and transfer the victim’s assets into any other wallet.
The source code to design these drainer toolkits is being sold for $1,500 (roughly Rs. 1.24 lakh) by somebody who goes by the name of ‘Pakulichev’ or ‘PhishLab’, said the report by Bleeping Computer.
Advertisements to Look Out for and Beware of
On Google, advertisements that may be hidden phishing websites could appear around keywords like Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. On X (formerly Twitter), these drainer ads are even more widespread, luring users via fake NFT and token drop announcements, among other tactics.
Time and again, these tech giants have been informed about malicious crypto ads swarming on their platforms.
In April this year, ScamSniffer, a cyber security service, claimed that crypto investors have lost up to $4 million (roughly Rs. 35 crores) by engaging with hoax links sprawled all over the web. This information was extracted from analysing Google Ads data.
2/ Investigation into the keywords used by victims has uncovered numerous malicious ads at the forefront of search results.
Most users, unaware of the deceptive nature of search ads, click on the first available option, leading them to malicious websites. #Cybersecurity
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) April 27, 2023
Back in October 2022, Binance CEO Changpeng Zhao called Google out for not getting rid of scam sites from search results, thus exposing people to financial exploits daily.