SlowMist – a blockchain security firm – has identified dozens of crypto addresses that have appeared to fall victim to a phishing scam on the Terra network since April 12th. The scammer’s address has reportedly reeled in $4.31M in assets up until the time of writing.
According SlowMist’s explanation on Twitter, $4.31 million in assets were maliciously transferred to the suspect from 52 different addresses between April 12th and April 21st.
The security team’s analysis determined that the majority of attacks were conducted through google phishing ads.
A phishing ad is designed to lure a victim into providing sensitive information/ downloading malicious software, often using fraudulent messaging.
In this case, users seemed to have been caught by the scam when searching for popular Terra projects, including Anchor protocol and Astroport.
Anchor is a decentralized finance protocol for trading and borrowing, while Astroport is an automated decentralized exchange.
When searching for “Anchor protocol” or “Astroport”, Google’s first result presented realistic-looking ads that were actually scams. The domain names of each related site changed once users actually accessed their links.
The following screen for each ad prompted users to connect their wallets by providing their seed phrases.
Seed phrases are human-readable forms of private keys, which allow users to send funds from their related blockchain addresses. In general, one should never share their private key with anyone to whom they wish not to grant that access.
The SlowMist team now recommends that Terra users refrain from clicking any Google ad links.
On Sunday, MetaMask issued a warning to Apple users about phishing scams following the wallet’s integration with Apple Pay. With this, scammers that phish users’ iCloud credentials could potentially steal their crypto funds as well.