A sponsored Google ad claiming to promote Sony’s blockchain project, Soneium, has been exposed as a crypto wallet drainer.
This incident adds to the growing threat of wallet drainers that have plagued the crypto space.
Google Ad Scam Targets Soneium’s Users
In a post shared on October 22 via X by blockchain security firm Scam Sniffer, the firm detailed how a search for “Soneium” on Google led users to a phishing site. It appeared to be a legitimate page for Sony’s blockchain platform, reportedly containing hidden software meant to drain crypto wallets from unsuspecting visitors.
Scam Sniffer explained that the ad linked to a website with a domain name almost identical to the official Soneium website. The phishing page looked like an unfinished landing page for a UK-based radiology service, giving it a deceptive and professional appearance.
A separate post highlighted the ease with which users could fall victim to this hoax, especially if they mistakenly typed “Someium” instead of “Soneium” in their search.
The security company also noted that the criminals used sophisticated techniques to bypass Google’s security measures. This allowed the ad to remain undetected for some time.
Soneium is an Ethereum layer-2 blockchain developed by Sony Block Solutions Labs, a collaboration between Sony and blockchain firm Startale Labs. The platform launched its testnet in August 2024.
The Broader Wallet Drainer Threat
This latest incident adds to a growing list of crypto-related phishing attacks. Scam Sniffer previously reported that over $46 million worth of cryptocurrency was stolen from 10,800 phishing victims in September alone.
For the third quarter of 2024, more than $127 million worth of digital assets were stolen in such incidents, with Ether wallets being a frequent target. Back in late April 2024, the Web3 security company also revealed that over $4 million had been stolen in just a few weeks through similar malicious websites promoted via Google Search.
Thieves took advantage of slight changes in domain names to trick users into visiting fraudulent crypto websites, with major financial consequences for many.
In September, a separate crypto deception hit Google Play Store users. A fraudulent app called WalletConnect imitated the legitimate WalletConnect protocol but was designed to drain users’ crypto wallets. This app managed to deceive over 10,000 people and stole $70,000 from users before being uncovered.
Crypto wallet-draining programs have been a persistent threat in the crypto space. A Scam Sniffer report from late 2023 showed that these malicious tools were responsible for more than $295 million in losses that affected around 324,000 victims that year.