Beware of Google Ad “Phishing Attacks”! Over 60,000 People Fall Victim, Losing $60 Million.

Web3 anti-scam platform Scam Sniffer released a report yesterday (21st), stating that a wallet hacker (Wallet Drainer) has stolen nearly $60 million from over 60,000 users in the past 9 months through phishing ads on Google search and the X platform.
(Prior Summary:
Google search phishing attacks surged! “3,000 people hooked”, over $4 million in encrypted assets stolen)
(Supplementary Background:
Beware! Multiple Web3 projects Discord, X accounts hacked, do not click on phishing links)
Table of Contents:
Beware of clicking on Google and X ads
Largest victim losses exceed $24 million
Beware of phishing scams
Web3 anti-scam platform Scam Sniffer released an analysis on wallet asset theft (Wallet Drainer) yesterday, stating that in the past year, attackers have caused significant losses through phishing ads distributed via DNS attacks, email spam, etc.
Among them, Scam Sniffer specifically pointed out that a hacker, solely through recommended ads on Google and social platform X (formerly Twitter), has stolen nearly $60 million from 63,210 victims in just the past 9 months.
Beware of clicking on Google and X ads
Scam Sniffer discovered this wallet hacker as early as March this year, and by the end of April, Scam Sniffer officially captured their criminal records in Google ads.
Furthermore, in late June, the security team ZachXBT shared a set of phishing ads called “Ordinals Bubbles” on the X platform with Scam Sniffer, and analysis showed that the attacker behind these phishing ads was the same person as the aforementioned Google ads.
According to Scam Sniffer’s latest tests on X platform ads, almost all ads involve phishing scams. Out of the 9 samples tested, 6 were related to this hacker, accounting for over 60%. There is suspicion that an organized group is behind these malicious activities.
Largest victim losses exceed $24 million
Scam Sniffer pointed out that during the 9-month monitoring period, over 10,000 websites related to this wallet hacker experienced their peak activities in May, June, and November. The largest victim, 0x13e382dfe53207e9ce2eeeeab330f69da2794179e, lost over $24 million, while the second largest victim, 0x5197da90fb01040a1896a92616ecdfb5765b1134, suffered losses of nearly $1.2 million.
Scam Sniffer added that hackers of this type often use geolocation and page switching strategies to bypass ad platform audits. They also use redirection techniques to appear legitimate, such as disguising links as official domain names that actually lead to phishing websites. This makes users more vulnerable to intrusion.
Notably, Scam Sniffer even found information on a forum where this hacker was selling their services, and they mentioned that unlike other wallet hackers who provide hosting services and charge a 20% fee, they openly sell their source code and additional value-added services.
Beware of phishing scams
Finally, Scam Sniffer pointed out that ads have become an important means for online phishing scammers to steal user funds. Through Google search terms and usage habits on the X platform, hackers can accurately target specific audiences, allowing them to launch sustained online attacks at very low costs.
Therefore, users need to be particularly cautious about ads on major online platforms, including Google and X. Always remain vigilant before signing anything to avoid financial losses.