Google is under scrutiny for allegedly promoting a deceptive cryptocurrency website via its Google Ads platform. The website, designed to mimic Whales Market, an over-the-counter cryptocurrency platform, directs users to a phishing clone that siphons off users' cryptocurrency holdings. According to reports by BleepingComputer, threat actors have exploited Google Ads to display sponsored links leading to fake versions of Whales Market at the top of Google search results.
Despite presenting a seemingly legitimate domain address on the search results page, users are redirected to [www.whaels.market] instead of the authentic [www.whales.market]. Malicious actors have also registered multiple domain names closely resembling Whales Market, such as [www.whaless.market], which is already inactive.
The counterfeit Whales Market website replicates the interface of the genuine platform, luring users into connecting their digital wallets. However, once users proceed, a malicious script is activated, pilfering cryptocurrency from their wallets. This incident adds to a series of similar scams involving scammers exploiting Google platforms to perpetrate fraudulent activities.
Previous instances include the theft of nearly $900,000 worth of cryptocurrency from billionaire investor Mark Cuban's hot wallet by an unidentified hacker, and scammers using a wallet-stealing service named "MS Drainer" to pilfer approximately $59 million in cryptocurrency from victims over nine months. Scammers have also targeted victims with fake versions of popular crypto platforms like Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radient through Google Ads.
While the identity of the perpetrators behind the recent phishing campaign remains unknown, Google appears to be taking steps to combat such scams. In April, the tech giant filed a lawsuit against Chinese citizens Sun Yunfeng and Zhang Hongnan, accusing them of defrauding individuals with false cryptocurrency investments via the Google Play Store. The prevalence of wallet churn has emerged as a significant concern in the Web3 ecosystem, with instances like the retirement of the developer of the "Inferno" drainer, who claimed to have illicitly obtained over $80 million, and the retirement of the developer of Monkey Drainer, a game responsible for stealing an estimated $13 million.
