Users Of Terra (LUNA) Lost $4.31 Million In Phishing Attack Through Malicious Google Ads

Users of the Terra (LUNA) network and its various DeFi protocols, such as Anchor, Nexus, and Astroport, have been the target of a phishing attack using bogus Google ads

Crypto users of the Terra (LUNA) network and its various DeFi protocols, such as Anchor, Nexus, and Astroport, have become the target of a new phishing attack using bogus Google ads.

🚨[SlowMist Security Alerts]🚨#LUNAtics be cautious of phishing scams from fake ads$Luna @anchor_protocol @NexusProtocol @astroport_fi @stablekwon @terra_money
Details 👇

— SlowMist (@SlowMist_Team) April 21, 2022

Slowmist’s team identified and highlighted the phishing attack, as well as explained that numerous users lost close to $4.31 million in assets between the 12th and 21st of this month. Furthermore, the funds were transferred from 52 different transactions to a single address.

According to the SlowMist intelligence zone, numerous users on the Terra network had their funds stolen recently.

From 4/12 to 4/21, close to $4.31 million in assets were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x3 from about 52 different addresses.

— SlowMist (@SlowMist_Team) April 21, 2022

The Malicious Terra Ads Look like Legitimate Google Ads

SlowMist’s team investigated the phishing attack and concluded that it was the result of Google ads that appear at the top of searches for Terra, Anchor Protocol, or Astroport Finance.

Our security team conducted an analysis of this incident and discovered that the bulk of this attack was from google phishing ads. Users would search well know projects on the Terra blockchain such as @anchor_protocol or @astroport_fi only to click on the first link by google. pic.twitter.com/aucIcnsCd7

— SlowMist (@SlowMist_Team) April 21, 2022

The Fake Google Ads Will Prompt You to Connect to Your Terra Wallet

According to the Slowmist team, the Google ads have links that appear to be normal. When clicked, however, they redirect to a different domain that prompts users to connect their wallets. The following is a tweet about how they described the sequence of events:

These may look like normal ads and some even show the same domain names, but once you click on the link, the domain name actually changes. When clicked, it'll prompt you to connect your wallet, however instead of connecting, users are asked to input their seed phrase. pic.twitter.com/OZjifaJ17m

— SlowMist (@SlowMist_Team) April 21, 2022

The SlowMist security team recommends users on the Terra blockchain be cautious and avoid clicking on any Google ad links or links with questionable sources. This will help reduces the likelihood of falling victim to phishing scams.