fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Crypto Investors Lose $500,000 to Google Ads Pushing Fake Wallets

Crypto Investors Lose $500,000 to Google Ads Pushing Fake Wallets

​Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user’s cryptocurrency.

These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange (DEX) platforms, such as PancakeSwap and Uniswap.

The deceptive operation is supported by cloned websites that look just like the real ones, so the visitors are convinced they are installing the legitimate wallet or using the correct platform.

Stealing funds and wallets

Researchers at CheckPoint saw a surge in relevant scamming reports over the past weekend, with numerous ads tricking victims into visiting various typosquatted domains.

Also Read: The DNC Singapore: Looking At 2 Sides Better

The ads promote websites with slight, hard-to-notice differences compared to the official domains, like “phanton.app” or “phantonn.pw,” compared to the legitimate domain of “phantom.app”.

Phantom Google Ad at the top of the search results
Phantom Google Ad at the top of the search results
Source: CheckPoint

When visiting one of these fake Phantom sites, users will be prompted to create a new wallet, including writing down a recovery phrase used to restore the wallet and a password to access.

Anyone who has this information can add a wallet to their own system and access any cryptocurrency stored within it.

Recovery phrase shared with the victim
Recovery phrase shared with the victim.
Source: CheckPoint

Once the victim finishes the setup process, they are redirected to the real Phantom wallet page, where they install the official Chrome plugin.

Also Read: 4 Best Practices On How To Use SkillsFuture Credit

Using the recovery phrase created by the attackers, they log in to the attacker’s wallet through the extension, thinking it’s theirs. Any cryptocurrency transferred into that wallet is now also accessible by the threat actors, who can transfer it to other wallets under their control.

CheckPoint discovered that the actors created several wallets under the same account, corresponding to multiple victims, and received notable amounts every couple of hours.

Stolen transactions going straight to the actors.
Stolen transactions are going straight to the actors.
Source: CheckPoint

In a malicious advertising campaign that impersonates MetaMask, the actors aren’t only trying to divert Ethereum transactions to their wallets and target any assets the victims may already hold.

For this purpose, the cloned websites offer an additional “Import wallet” function, which is attempts to steal the victim’s private key, which is all that’s needed for the actors to take control of the wallet.

MetaMask phishing site stealing private keys
MetaMask phishing site stealing private keys
Source: CheckPoint

Similarly, the advertisements were also promoting fake decentralized exchanges, such as Uniswap that would prompt users to connect their wallet and enter their recovery phrase.

Fake Uniswap asking for wallet's recovery phrase
Fake Uniswap asking for wallet’s recovery phrase
Source: CheckPoint

Like the MetaMask scam, once a user enters their recovery phrase, the threat actors would import the wallet into their own systems and its stored cryptocurrency.

Protecting your cryptocurrency wallets

While these advertisements have since been taken down by Google, there is nothing to say that new ones will not be added in the future.

For this reason, to keep your investments safe from these scams, you should follow these basic guidelines:

  • Never enter your passphrase/private key on any site or share it with anyone. Your recovery passphrase is only required when installing a new or adding it to another device.
  • Always double-check the URLs you have landed on before entering any credentials.
  • When searching for wallet apps on Google Search, make sure that you are clicking on website results and not on promoted ads.
  • Always take your time to evaluate any signs of fraud, and never jump into action when met with sensitive data requests.

Unfortunately, if you fall for one of these scams, there is no way to recover cryptocurrency stolen in this manner. Therefore, you must pay close attention to the above guidelines to safeguard your funds and prevent them from being stolen.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us