Cybercriminals are becoming increasingly adept at stealing cryptocurrency from unsuspecting users. In the latest wave of cybercrime, over $4 million has been stolen from cryptocurrency users through phishing sites promoted on Google Ads.

These fraudulent websites mimic legitimate crypto platforms, and the scammers trick users into providing login credentials, private keys, and other sensitive information. Once they gain access to the user’s cryptocurrency wallet, they steal their digital assets.

According to anti-scam service provider ScamSniffer, many malicious advertisements for phishing websites are visible on Google Ads searches.

These cybercriminals have seen a 276% profit from their illegal activities in the past month alone. They have targeted several decentralized finance protocols, websites, and brands, including DefiLlama, Lido, Orbiter Finance, Radiant, Stargate, and Zapper.

DeFi users are particularly vulnerable as it is challenging to identify when they have clicked on malicious links due to slight changes to official URLs.

For example, scammers use malicious advertisements from Zapper to obtain authorization of $SUDO through a Permit signature, which many wallets do not have clear risk warnings for.

Ordinary users may think it is a normal login signature and sign it without thinking twice. This highlights the importance of being cautious and vigilant when accessing crypto platforms and websites.

To protect themselves from these cybercriminals, users must check the authenticity of the website, URLs, and promotional advertisements before entering sensitive information.

They must also verify that the website has a secure HTTPS connection, look for verified social media accounts, and use two-factor authentication to protect their crypto assets.

As the number of scams and phishing attacks continues to rise, it is crucial to stay informed and adopt best practices to protect yourself from cybercriminals.