Web3 Anti-Scam Platform Snap Sniffer has sounded an alarm for HyperSwap Crypto Phishing Scam. This is the latest in the trends of threat actors who use Google Ads to infiltrate the wallets of unsuspecting victims.
Scam Sniffer shared a warning in a post on X (formerly Twitter) revealing that the top Google search results for a distributed Hyperswap exchange is actually a malicious sponsored ad that redirects users to the wallet drainer site and emptys the victim’s wallet within two seconds.
Scam Sniffer warned that HyperSwap’s top Google search results are malicious links to wallet drain sites. |Source: Scared Sniffer
Ads appear at the top of search results as scammers sponsor Google Ads to rank them in search results, increasing the visibility and legitimacy of the links. However, clicking on the link will cause unsuspecting visitors issues.
Once you reach the site, users will be asked to connect to the crypto wallet. The moment a user grants permission, it runs a malicious script in the background and drains the user’s token wallet without the need for explicit transaction approval.
The exact number of users affected by this current attack has not yet been disclosed.
Alert: Fake Top Google search results for “Hyperswap” ads now!
These phishing ads are designed to eject wallets through malicious transaction signatures. pic.twitter.com/lmfkbhbrrx
– Scared Sniffer | Web3 Anti-Scam (@RealScamsNiffer) May 6, 2025
Hyper-swap phishing links reflect the growing threat of wallet drainers
Wallet drainers are nothing new in crypto and Web3. They even promote their platforms through marketing campaigns on various channels, such as Google Ads and social media, presenting themselves as a legitimate business and reaching more people.
On April 26, the scam sniffer also notified the public of Solkan’s Google Ads scam, similar to the recent hyperswap campaign.
A notable, successful event that ran for about nine months was the MS drainage scam, which drained the wallets of around 63,000 victims for a tuning of around $59 million. The scammer reportedly ran ads on Google and X. These ads are often indistinguishable from legitimate results and continue to operate long enough to cause significant damage before they are reported and removed.
The scammers have created and deployed fake website versions of popular web3 platforms such as Lido, Radiant, Zapper, and Defilami.
If a bad actor is weaponizing the AD platform, then a scam sniffer may be reporting many of these instances.
For example, in 2024, the scam Sniffer reported the fake Pudgy Penguins website, appearing as an ad on news platforms. Malicious ads targeting users interested in Pudgy Penguin were reportedly provided through the Google Ad Network. It then loads suspicious code that checks if the user has a Web3 wallet and redirects the user to the fake Pudgy Penguin website.
The scale of the damage prompted a strong industry’s request to respond
According to a 2024 report, the wallet drainer fraud caused more than $494 million in 2024 alone, up 67% from the previous year. The scam sniffer reportedly identified more than 332,000 addresses emitted, 3.7% higher than recorded in 2023.
These incidents have updated the demand for stricter control on digital advertising platforms. Critics argue that companies like Google and X need to step up their ad verification processes and respond more quickly with fraud reporting.
Some platforms have already taken action, and Google has implemented stricter advertising policies for crypto-related content. However, scammers often find workarounds using cloak links, spoofed domains, and burner accounts, and continue to run the scam for several days before detection.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
