Report Reveals $59 Million Crypto Theft by ‘MS Drainer’ Scammers via Google Ads


Over the last nine months, scammers stole around $59 million in cryptocurrency using a tool called “MS Drainer.” As reported on December 21 on X (formerly Twitter) by Scam Sniffer, a blockchain security platform, the scammers used Google Ads to trick victims into visiting fake versions of well-known crypto websites such as Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.

Wallet drainers are blockchain protocols that enable scammers to move crypto from a victim to the attacker without the victim's consent, typically by exploiting the token approval process. Developers commonly levy a percentage of the profit for the use of their drainer software, and this fee is embedded in smart contracts, ensuring it cannot be circumvented.

Scam Sniffer initially detected MS Drainer in March, with assistance from the SlowMist security platform team during the investigation. In June, on-chain investigator ZachXBT presented additional evidence, revealing a phishing scam named “Ordinal Bubbles” associated with the drainer. The investigators identified nine distinct phishing ads on Google, of which 60% were found to employ the malicious program.

In standard circumstances, Google employs auditing systems to prevent the posting of phishing scam ads. However, Scam Sniffer found that the scammers used “regional targeting and page-switching tactics to bypass ad audits, complicating the review process” and allowing their ads to get through Google’s quality control systems.

Furthermore, the scammers used web redirects to make Google's users believe that the links led to official websites. For example, the scam site, which contains a misspelling of the word “Celer,” was disguised as the correct URL. Although the ad displayed the correct spelling, the link redirected the user to the incorrectly spelled scam site.

Example of an MS Drainer scam redirect. Source: Scam Sniffer
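The mismatch described above, where an ad displays the correctly spelled host but the click lands on a misspelled one, can be checked mechanically once the redirect chain has been recorded. The following Python sketch is an added example, not code from Scam Sniffer or this article; the domains are constructed, whole hostnames are compared rather than registrable domains, and the edit-distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

def hostname(url):
    """Lower-cased host of a URL; urlsplit ignores any user@ prefix."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_ad(display_url, redirect_chain, max_distance=2):
    """Compare the host an ad displays with the host the click lands on."""
    shown = hostname(display_url)
    landed = hostname(redirect_chain[-1]) if redirect_chain else ""
    if not shown or not landed:
        return "unparseable"
    if landed == shown or landed.endswith("." + shown):
        return "match"          # same host or a subdomain of it
    if edit_distance(shown, landed) <= max_distance:
        return "lookalike"      # near-miss spelling: highest-priority alert
    return "mismatch"           # unrelated landing host: still worth review

# Constructed samples (reserved .example/.test names, not real sites):
# (host displayed in the ad, recorded redirect chain ending at the landing page)
SAMPLES = [
    ("https://bridge.defi-app.example",
     ["https://track.adnet.example/c?id=1", "https://bridge.defi-app.example/"]),
    ("https://bridge.defi-app.example",
     ["https://track.adnet.example/c?id=2", "https://bridge.defi-aap.example/"]),
    ("https://bridge.defi-app.example",
     ["https://bridge.defi-app.example@payments.test/"]),  # userinfo trick
]

def run_samples():
    return [classify_ad(shown, chain) for shown, chain in SAMPLES]

if __name__ == "__main__":
    for (shown, chain), verdict in zip(SAMPLES, run_samples()):
        print(verdict, hostname(shown), "->", hostname(chain[-1]))
```

Because the report describes regional targeting and page switching, a chain recorded from one location may differ from what another visitor is served, so a "match" verdict only describes the visit that was captured.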

Scam Sniffer reported the identification of 10,072 fraudulent sites utilizing MS Drainer. The drainer’s activity reached its peak in November but has since sharply declined to nearly zero. Throughout its operations, it siphoned $58.98 million worth of crypto from over 63,000 victims, as indicated by a Dune Analytics dashboard established to monitor its activities.

Upon further investigation, it was revealed that the developer of MS Drainer adopted an unconventional marketing approach. Unlike most wallet drainers that charge a percentage of scammers’ profits, this particular one was available for a flat fee of $1,499.99 on forums. Additionally, for those seeking additional features, the developer offered supplementary “modules” at prices such as $699.99, $999.99, or similar amounts.

Advertisement for MS Drainer. Source: Scam Sniffer

Wallet drainers pose a notable challenge within the Web3 ecosystem. On November 26, the developer of the “Inferno” drainer declared its retirement, having successfully appropriated over $80 million from victims throughout its existence. In March, a similar announcement of retirement was made by the developer of “Monkey Drainer,” which had successfully stolen an estimated $13 million up to that point.


Chi Do
Chi Do is a content writer at CoinMinutes, responsible for creating most of the content on the website, including news related to Bitcoin (BTC), Ethereum (ETH), Blockchain, Decentralized Finance (DeFi), and more. With a keen interest in cryptocurrencies since the 2020s, Chi has acquired extensive experience and knowledge in this field. Chi holds a Bachelor's degree in communication from Academy of Journalism and Communication in Vietnam.
