Some crypto investors have been tricked into clicking on fake ads that made it to the top of crypto-investment search results.

Over the past weekend, hundreds of thousands of dollars’ worth of cryptocurrency were stolen from wallets by scammers, according to a report from Check Point Research (CPR).

Using Google ads that imitated popular wallets and platforms, such as Phantom App, MetaMask and Pancake Swap, scammers had lured their victims to click on malicious links directing them to various phishing websites that copied the brand and messaging of the original wallet website.

From there, the scammers then tricked their victims into giving up their wallet passphrases (or will provide them with a new passphrase for their newly-created wallet, setting the stage for wallet theft).

According to CPR, phishing campaigns traditionally originate in email. In what appears to be a new trend, multiple scamming groups are now bidding for wallet-related keywords on Google Ads, using Google Search as an attack vector to target victims’ crypto wallets.

Each of the 11 compromised wallet accounts investigated by the firm contained between US$1,000 and US$10,000, and were brought to light when the victims used Reddit forums to seek information and help. By then, the scammers would have already withdrawn some of the funds: over US$500k was stolen over the past weekend.

According to Oded Vanunu, Head of Products Vulnerabilities Research, CPR: “I believe we’re at the advent of a new cybercrime trend where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email. In our observation, each advertisement had careful messaging and keyword selection, in order to stand out in search results. The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets.”