Phishing scams have ramped up their operations over the last few months, stealing millions of dollars' worth of crypto through malicious ads on popular platforms like Google and X.

According to an analysis by ScamSniffer, a wallet drainer malware script was linked to phishing campaigns that drained around $58 million from 63,000 victims over the last nine months.


A wallet drainer works by tricking users into authorizing malicious transactions that end up draining the assets in their crypto wallets. This typically happens when users click malicious links in false advertisements that are actually phishing scams. 

Some examples of these recent phishing scams that utilize the wallet drainer include a cluster of X phishing ads called “Ordinals Bubbles” and fraudulent links to popular crypto platforms like DeFiLlama and Lido. 

These phishing ads have grown even more sophisticated, employing redirect tricks so that links appear to point to legitimate official domains but actually lead to phishing websites.

“By targeting specific audiences through Google search terms and the following base of X, they can select specific targets and launch continuous phishing campaigns at a very low cost,” said ScamSniffer.

Unlike other wallet drainers that charge a fee of 20% of the scammers’ profits, the developers of this malware sell the source code for a flat fee and offer additional value-added modules as extras.

The frequency of wallet-draining scams has increased over the last few months, with the perpetrators behind the software largely remaining anonymous. Last month, Unchained reported that “malware-as-a-service” platform Inferno Drainer had shut down after helping scammers steal $70 million worth of crypto.