A diagram showing the differences between Web 2.0 and Web 3.0, as well as the MS Drainer scammers who used Google Ads to swipe $59M in crypto.
‘MS Drainer’ scammers used Google Ads to swipe $59M in crypto: Report

Web 3.0 Exploited to Steal Crypto

The blockchain security platform Scam Sniffer reported on Dec. 21 that scammers used a wallet draining service called “MS Drainer” to steal approximately $59 million in crypto from victims over the past nine months. The scammers used Google Ads to target victims with fake versions of popular crypto sites, such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance and Radient.

Wallet drainers are blockchain protocols that allow scammers to transfer crypto from a victim to the attacker without their consent. Developers usually charge a fee for using their drainer software, enforced through smart contracts. In March, the SlowMist security platform team first identified MS Drainer. In June, on-chain sleuth ZachXBT provided further evidence, uncovering a phishing scam called “Ordinal Bubbles” linked to the drainer.

Scam Sniffer found that the scammers used “regional targeting and page-switching tactics to bypass ad audits” and get their ads past Google’s quality control systems. This allowed them to exploit Web 3.0, the latest iteration of the internet, to their benefit.

What is Web 3.0?

Scammers have been using web redirects to trick users into believing that links lead to legitimate websites. For example, the fraudulent website cbridge.ceiler.network, with a misspelled version of “Celer”, was disguised as cbridge.celer.network with the correct spelling displayed in the ad. However, the link still directed the user to the incorrect site.

According to a Dune Analytics dashboard, Scam Sniffer reported that it had identified 10,072 fake websites using MS Drainer. The activity of the drainer was at its peak in November, but has since decreased to nearly zero. It was estimated that the drainer had stolen crypto worth of $58.98 million from over 63,000 victims.

Investigations revealed that the developer of MS Drainer had adopted an unusual marketing strategy. Unlike other wallet drainers that charge a percentage of the scammers’ profits, this one was sold on forums for a fixed fee of $1,499.99. If a scammer wanted more features, the developer provided them with additional “modules” for $699.99, $999.99 or similar prices.

Wallet drainers have become a major issue in the Web3 ecosystem. On November 26, the developer of the “Inferno” drainer announced that they were retiring it after stealing more than $80 million from victims during its lifetime. In March, the developer of the “Monkey Drainer” also declared their retirement after having successfully stolen around $13 million.

Categorized in:

Tagged in: