Key facts: Thefts of crypto assets for USD 4.3 million in Terra occurred in ten consecutive days.

Ads in Google searches may include phishing attempts.

When you search for something on Google, you should be careful with the first results that appear, since they are usually paid ads and can be scams. This week, users of the Terra network suffered a hack that caused total losses of USD 4.3 million. The hackers used precisely that technique.

According to the Twitter account Slowmist, The thefts of funds occurred between April 12 and 21. A single address received the ill-gotten crypto assets in 52 different transactions.

In order to perpetrate the crime, the attackers resorted to the phishing method, which consists of luring the user to a malicious site and tricking him into handing over control of his funds. All this always under the illusion of operating on a legitimate and secure site, even if it is not.

In this particular case, used Google ads to drive people to corrupted links related to the Terra network and its decentralized finance (DeFi) protocols, such as Anchor, Nexus, and Astroport Finance. Precisely with these terms the searches that ended in these attacks were related.

At the end of this note, the ads had already been removed, but they can be seen in this screenshot shared on the publication SlowMist.

Malicious sites often try to look like the domains of real sites. Source: @Slowmist/ Twitter

What is misleading in these cases is that the links of the first results in the search engine look “normal”, although they differ slightly from the real one and usually change when you click on them. These fake URLs lead to a site that asks the user to connect their Terra wallet. It is at this point that the hack occurs, as they are asked to enter their seed phrase instead of simply connecting to the site.

Attackers often use “trendy” or well-known platforms to have a higher flow of searches. This, along with paying to appear in the ads, allows them to rank higher in search engine results.

Terra, the central theme of the attack in question, is a network on which a multitude of decentralized finance protocols have been developed, of which Anchor Protocol is the main exponent. The total value locked on the platforms of this network according to defillama.com is more than USD 29.6 billion.

Other phishing attacks through ads

This episode with Terra is far from the first in which Google Ads, Google’s advertising service, is used to scam cryptocurrency users. In November 2021, without going any further, CriptoNoticias reported on a similar case in which users of Metamask and Pancake Swap were affected. The theft of funds exceeded USD 500,000.

Earlier, in 2020, the CoinCorner company had reported that a phishing attack had tried to impersonate its identity on the internet to attract its users and swindle them. Recently, this newspaper also reported on attempted attacks phishing via emails posing as Bitcoin wallets.

With all this, it is clear that caution is a fundamental value when operating with cryptocurrencies and platforms related to them. There are various types of scams out there, and a simple mistake can cost you dearly.