Victim loses $900,000 to Google Ad phishing

Google Ad phishing is the practice of taking out a Google advertisement to promote a malicious website impersonating a legitimate project. By taking out the ad, the result is pushed to the top of the search results page, tricking unsuspecting victims into believing it's a legitimate search result.

On August 21, an individual searched for "celer bridge" to find the website for the Celer blockchain bridge. The first result appeared legitimate, even displaying the correct URL for the actual Celer bridge. However, once they clicked the result, they were redirected to a phishing website.

Once the victim connected their crypto wallet, it was immediately drained of $900,000 in the USDC stablecoin. They wrote on Twitter that it was "most of [their] net worth".