June 26, 2022

TheCyberThrone

Thinking Security ! Always

Malicious Google Ads lead to Crypto Drain

Hackers used malicious Google ads to trick users into giving up their private key to steal their cryptocurrency. 

The cybercriminals targeted people who hold UST, a popular cryptocurrency that aims to remain pegged to the U.S. dollar from the Terra blockchain so-called stablecoin currently vying for dominance in decentralized finance, or DeFi.

Advertisements

The hackers have stolen $4.31 million from 52 wallets, which they hacked between April 12 and April 21. Knownsec posted a Terra address that the company says is linked to the hack, which contains 4,111,901 UST tokens ($4,111,901) and 2,089 LUNA tokens part of the Terra ecosystem worth $197,269.

A malicious ad targeting Terra users is the first result when searching “Terra bridge” on Google. The URL on the ad appears to match the real Terra bridge URL, which is bridge.terra.money. But once one clicks on it, instead of going to bridge.terra.money, the user is redirected to bridge.terra.momey.biz. 

That site is currently flagged as “deceptive” by Google and closely resembles the real Terra bridge website, and immediately presents the user with a pop-up asking them to connect their wallet.

These malicious ads targeting various aspects of the Terra/Luna ecosystem have plagued investors for months. These phishing attacks show how hackers are getting creative in targeting people who hold crypto. They also show it’s possible to steal millions in crypto even without hacking the crypto company or project directly.

%d bloggers like this: