Over the past nine months, scammers have used a wallet-draining service called “MS Drainer” to siphon approximately $59 million worth of cryptocurrency from numerous victims, according to blockchain security firm Scam Sniffer.
The scam was run through Google Ads, which presented victims with counterfeit versions of popular crypto platforms such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.
Wallet-drainers are specialized pieces of software designed to facilitate the unauthorized transfer of cryptocurrency from a victim’s wallet. These malicious programs operate as blockchain-based smart contracts and may even charge a portion of the ill-gotten gains as a fee, which often goes back to the developers behind the scam.
‘MS Drainer’ first identified in March
According to Scam Sniffer’s report, MS Drainer was first identified in March of this year, with assistance from the SlowMist security platform during the investigation.
To evade Google’s ad audits, the scammers employed regional targeting and page-switching tactics, allowing them to post counterfeit ads as part of a phishing scam.
In addition, the scammers used web redirects to send users to pages that gave the false impression of being the official websites of popular crypto platforms. Together, these tactics were meant to deceive users and make the phishing scam succeed.
63,000 victims
In total, Scam Sniffer identified 10,072 fake sites using MS Drainer; activity peaked in November and then declined. Throughout its operation, this drainer managed to extract nearly $59 million worth of cryptocurrency from over 63,000 victims. The scale and impact of the phishing scam underscore the significant challenges posed by such fraudulent activities in the cryptocurrency space.
Scamming as a service
Remarkably, the developer of MS Drainer opted to sell the scamming tool on forums for a fixed fee. According to the report, the price for the tool was set at $1,499.99, with additional “modules” available at different prices. This approach highlights the commercialization of malicious tools in the cybercriminal underworld, where developers seek to profit by providing such software to others who may exploit it for fraudulent activities.