Cryptocurrency scammers exploit MS Drainer to siphon $59 million: Details

Scammers have orchestrated a sophisticated operation using a cryptocurrency wallet-draining service known as “MS Drainer,” extracting a staggering $59 million from approximately 63,210 victims over the past nine months. The modus operandi involves leveraging Google and Twitter ads to lure unsuspecting users into fake versions of popular crypto sites.

Blockchain security platform Scam Sniffer uncovered the elaborate scheme, revealing that scammers targeted victims with counterfeit versions of well-known crypto platforms, including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant. These malicious actors utilized Google Ads, exploiting a variety of tactics to evade detection.

Bypassing Google’s defenses

Although Google has auditing systems in place to prevent phishing scams, the scammers employed regional targeting and page-switching tactics to bypass ad audits successfully. This maneuver allowed their ads to sidestep Google’s quality control systems, exposing users to fraudulent schemes.

The scammers further manipulated users through web redirects, creating an illusion of legitimacy by altering URLs. For instance, the scam site “cbridge.ceiler.network” mimicked the legitimate URL “cbridge.celer.network,” with the misspelling as the only visible difference. During their investigation, Scam Sniffer identified 10,072 fake sites utilizing MS Drainer.
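The misspelled hostname above is the kind of near-miss a defender can catch mechanically. The following is an added example, not code from the article or from Scam Sniffer: it compares a hostname against an allowlist using edit distance, and it covers adjacent-letter swaps as well as the single inserted letter seen here. The allowlist contents and the distance threshold are assumptions.

```python
# Added example: flag hostnames that are near-misses of an allowlisted host.
# ALLOWLIST and MAX_DISTANCE are assumptions chosen for illustration.

ALLOWLIST = {"cbridge.celer.network"}  # the legitimate host named in the article
MAX_DISTANCE = 2  # assumed threshold: more edits than this counts as unrelated


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("le" typed as "el") costs a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host: str) -> str:
    """Lower-case, drop a trailing dot, and convert Unicode labels to punycode."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # leave malformed names as-is; they will not match the allowlist


def classify(host: str):
    """Return (verdict, closest allowlisted host); verdict is trusted, lookalike or unknown."""
    host = normalize(host)
    if host in ALLOWLIST:
        return "trusted", host
    best = min(ALLOWLIST, key=lambda legit: osa_distance(host, legit))
    if osa_distance(host, best) <= MAX_DISTANCE:
        return "lookalike", best
    return "unknown", None
```

Because the campaign relied on redirects, a check like this belongs on the hostname the browser finally lands on, not on the link shown in the ad.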

Investigations into MS Drainer unveiled an unconventional marketing strategy employed by its developer. Unlike typical wallet-drainers that charge a percentage of ill-gotten gains, MS Drainer was sold on forums for a flat fee of $1,499.99. Additional “modules” with enhanced features were offered at varying prices, ranging from $699.99 to $999.99.

X (Twitter) also played an unwitting role in this operation. Scam Sniffer reported that six out of nine phishing ads on Twitter promoted MS Drainer, with some posted from verified accounts. The ads used themes such as “Ordinals Bubbles,” which promoted a limited-edition NFT collection, and employed geofencing to target specific regions, further evading detection.

Security implications for users

With these malicious campaigns becoming increasingly sophisticated, users are urged to exercise caution when encountering cryptocurrency-related ads. The prevalence of scams on reputable platforms underscores the need for thorough due diligence before engaging with new platforms or connecting wallets.

In conclusion, the emergence of MS Drainer highlights the evolving landscape of cryptocurrency scams, necessitating heightened vigilance from users and continued efforts from platforms to enhance security measures. Stay informed, stay secure!

Source: https://www.cryptopolitan.com/crypto-scammers-ms-drainer-siphon-59-million/