SlowMist – a blockchain security firm – has identified dozens of crypto addresses that have appeared to fall victim to a phishing scam on the Terra network since April 12th. The scammer’s address has reportedly reeled in $4.31M in assets up until the time of writing.
According SlowMist’s explanation twitter reported that $4.31 Million in assets were stolen from 52 addresses between April 12th – April 21st.
The security team’s analysis determined that the majority of attacks were conducted through google phishing ads.
A phishing scam is an attempt to trick victims into downloading malicious software or providing sensitive information.
Users were apparently tricked into searching for popular Terra projects such as Astroport and Anchor protocol.
Astroport, on the other hand, is an automated decentralized exchange and is a decentralized financial protocol that allows trading and borrowing. Anchor is called Anchor.
When searching for “Anchor protocol” or “Astroport”, Google’s first result presented realistic-looking ads that were actually scams. After users had accessed their links, the domain names for each related site changed.
Each ad displayed the following screen. Users were asked to connect their wallets and provide their seed phrases.
Seed phrases are human-readable versions of private keys that allow users to send money from the associated blockchain addresses. One should not give their private keys to anyone.
SlowMist recommends Terra users not to click any Google Ad links.
On Sunday, MetaMask issued a warning to Apple users about phishing scams following the wallet’s integration with Apple Pay. With this, scammers that phish users’ iCloud credentials could potentially steal their crypto funds as well.