Check Point Research (CPR) has warned of scammers who steals crypto wallets using Google Ads. Many people have become victim of such scam. Scammers are placing advertisements at the top of ‘Google Search’ that imitate popular wallet brands, such as Phantom and MetaMask, to trick users into giving up their wallet passphrase and private key.

Each advertisement contains a malicious link that, once clicked, redirects a victim into a phishing website that copies the brand and messaging of the original wallet website. From here, the scammers tricks their victims into giving up their wallet passwords, setting the stage for wallet theft.

CPR has estimated that over $500 thousand worth of crypto has been stolen in just few days. The research firm has also shared screenshots of the malicious Google Ads and phishing websites that navigated victims into theft. As such, CPR has urged the crypto community to stay on high-alert.

Traditionally, phishing campaigns originate in email. However, in what appears to be a new trend, multiple scamming groups are now bidding for wallet-related keywords on Google Ads, using Google Search as an attack vector to target victims’ crypto wallets.

CPR has found 11 compromised wallet accounts, each of them containing $1,000 to $10,000. By cross-referencing Reddit forums where victims voiced their theft, CPR estimates that over $500,000 was stolen over the past weekend.

Commenting on the scams taking place, Oded Vanunu, head of products vulnerabilities research, Check Point, said, “In a matter of days, we witnessed the theft of hundreds of thousands of dollar worth of crypto. We estimate that over $500 thousand worth of crypto was stolen this past weekend alone. I believe we are at the advent of a new cyber-crime trend, where scammers will use ‘Google Search’ as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email. In our observation, each advertisement had careful messaging and keyword selection, in order to stand out in search results. The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets. Unfortunately, I expect this to become a fast-growing trend in cyber-crime. I strongly urge the crypto community to double check the URLs they click on and avoid clicking on Google Ads related to crypto wallets at this time.”