A series of malware attacks known as “crypto drainer” has recently been discovered by security researchers. These attacks have already resulted in the theft of $59 million from victims. In this article, we will provide a detailed description of these attacks and their implications.


The “crypto drainer” attacks involve luring victims to phishing pages through Google and X ads [5] [6]. Once on these pages, victims are tricked into approving transactions that drain their cryptocurrency wallets [3] [5] [6]. One specific version of the malware [5] [6], called MS Drainer [2] [3] [5] [6] [7] [8] [9], has been identified as the culprit behind these attacks [5] [6] [7]. The phishing pages are accessed through ads linked to keywords from the DeFi world [3] [5]. These malicious ads have been detected since March and use various techniques to bypass ad audits [3] [5] [6].

Scam Sniffer [4] [5] [6] [7] [8], a security monitoring service, has observed approximately 10,000 phishing sites using drainers since March [5] [6]. Shockingly, 60% of phishing ads on X lead to malware designed to steal virtual currency [5] [6]. MS Drainer alone has managed to steal $59 million from over 63,000 victims in the past nine months [4]. The source code for MS Drainer is even being sold directly to anyone on a dark web forum [5].

The severity of these attacks highlights the need for caution when interacting with online advertising. It also calls for the ad industry to improve its verification processes to prevent malicious actors from exploiting their services [5] [6]. Tech companies face an ongoing challenge in protecting users from advert-based phishing attacks [1], and this incident emphasizes the importance of continual advancements in security measures and user education on digital asset protection [1].


The “crypto drainer” attacks have had significant financial impacts, with $59 million already stolen from victims. Mitigating these attacks requires improvements in the ad industry’s verification processes and increased user education on digital asset protection. The retirement of other wallet drainers, such as “Inferno” and “Monkey Drainer,” after stealing millions of dollars from victims [8], further underscores the magnitude of this problem in the Web3 ecosystem. As technology continues to advance, it is crucial to stay vigilant and prioritize security measures to protect against evolving threats.


[1] http://blockpresso.com/crypto-scammers-bypass-google-ad-policies-to-steal-59m-via-fake-websites/
[2] https://coinminutes.com/news/ms-drainer-scammers-google-ads-theft-59m-crypto/
[3] https://healsecurity.com/crypto-drainer-steals-59m-via-google-and-x-ads/
[4] https://drops.scamsniffer.io/post/from-google-to-x-ads-tracing-the-crypto-wallet-drainers-58-million-trail/
[5] https://ciso2ciso.com/crypto-drainer-steals-59m-via-google-and-x-ads-source-www-infosecurity-magazine-com/
[6] https://www.infosecurity-magazine.com/news/crypto-drainer-steals-59m-google-x/
[7] https://www.hackread.com/hackers-stole-59-million-crypto-google-x-ads/
[8] https://www.tradingview.com/news/cointelegraph:534c8faf1094b:0-ms-drainer-scammers-used-google-ads-to-swipe-59m-in-crypto-report/
[9] https://gulfnews.com/your-money/cryptocurrency/scammers-use-google-x-ads-to-steal-59m-in-crypto-from-63000-victims-1.1703425814794