Web3 anti-scam platform Scam Sniffer sounded the alarm on a HyperSwap crypto phishing scam, the latest in a trend of threat actors using Google Ads to infiltrate unsuspecting victims’ wallets.
Scam Sniffer shared the warning in a post on X (formerly Twitter), revealing that the top Google search result for the decentralized HyperSwap exchange is actually a malicious sponsored ad that redirects users to a wallet-drainer site, emptying victims’ wallets within seconds.
The ad comes up at the top of search results because the scammers are sponsoring the Google Ad to rank in search results, boosting the link’s visibility and legitimacy. However, the problems start for unsuspecting visitors when they click the link.
Once on the site, users are prompted to connect their crypto wallets. The moment users grant permission, it runs malicious scripts in the background and drains users’ wallets of tokens without requiring explicit transaction approvals.
The exact number of affected users in this current attack isn’t yet public.
🚨 ALERT: Fake "HyperSwap" ads top Google search results right now!
⚠️ These phishing ads are designed to drain your wallet through malicious transaction signatures. pic.twitter.com/lmFKBhbrrX
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 6, 2025
HyperSwap phishing link reflects growing threat of wallet drainers
Wallet drainers aren’t exactly new in crypto and Web3. Some even go as far as promoting the platforms through marketing campaigns across various channels such as Google Ads and social media to present themselves as legitimate businesses and reach more people.
On April 26, Scam Sniffer also notified the public of a SolScan Google ad scam similar to the recent Hyperswap campaign.
A notable successful event that ran for about nine months was the MS Drainer scam, which drained the wallets of about 63,000 victims to the tune of approximately $59 million. The scammers were reportedly running ads on Google and X. These ads are often indistinguishable from legitimate results and remain active long enough to cause massive damage before being reported and taken down.
The scammers created and placed fake website versions of popular Web3 platforms such as Lido, Radiant, Zapper, and Defilami among others.
There are more cases where bad actors have weaponized ad platforms, and Scam Sniffer has reported many of those instances.
For example, in 2024, Scam Sniffer reported a fake Pudgy Penguins website, which was appearing as an ad on a news platform. The malicious ads targeting users curious about Pudgy Penguin were reportedly served through the Google Ad Network. It then loads a suspicious code that checks if the user has a Web3 wallet and then redirects the user to the fake Pudgy Penguin website.
The scale of the damage has prompted calls for strong industry response
According to a 2024 report, wallet drainer scams have led to more than $494 million in losses in 2024 alone, a staggering 67% increase from the previous year. Scam Sniffer reportedly identified over 332,000 drained addresses, which was 3.7% higher than what it recorded in 2023.
These incidents have renewed calls for stricter controls on digital ad platforms. Critics argue that companies like Google and X must enhance their ad verification processes and respond more swiftly to fraud reports.
Some platforms are already taking action, with Google implementing more stringent ad policies for crypto-related content. However, scammers often find workarounds by using cloaked links, spoofed domains, and burner accounts to keep the scam running for days before detection.
KEY Difference Wire: the secret tool crypto projects use to get guaranteed media coverage
