News View Non-AMP

Pudgy Penguins Crypto Scam: Google Ads Used to Steal Web3 Wallets!

Published by
Elena R

A new and clever phishing scam has been uncovered, targeting users of the Pudgy Penguins NFT project through Google ads. But what makes this attack particularly alarming is the method behind it—attackers are using trusted ad networks to deceive Web3 wallet users.

How safe are we really in an online world that seems increasingly vulnerable to such threats? Read on to discover how this scam works and why it could pose a serious risk to the crypto community.

How the Scam Was Discovered

According to ScamSniffer, the attack was uncovered after a user complained of being led to a fake Pudgy Penguins site through a Singapore news site. Subsequent research showed that this case is part of a malicious advertising campaign aimed at deceiving Web3 wallet users.

The most worrying part of this attack is the use of Google Ad Network to spread phishing scripts. The ads, hosted on the Adloox tracking domain (.com), contain harmful code that targets Web3 wallets.

How the Attack Works

The malicious code scans users’ browsers for Web3 wallets. If one is found, the user is redirected to a fake Pudgy Penguins site—pudqypenguin[.]com—that is designed to steal wallet credentials. While the attack currently targets Pudgy Penguins users, it could easily be used to target other Web3 projects, making it a significant threat to the broader crypto community.

The attack also reveals vulnerabilities in sites using Prebid.js, a popular header bidding library. If these sites use the Adloox analytics module, they risk running malicious scripts through their ads, which can lead to malware infections.

 

How to Protect Yourself from Phishing

As a result of this attack, experts are urging users to be extra cautious when interacting with Web3 platforms. To reduce the risk, it’s recommended to use ad blockers, access cryptocurrency-related websites in a separate browser, and always double-check URLs before entering wallet details. ScamSniffer is also a useful tool for detecting and preventing phishing attempts.

Once the campaign was discovered, security researcher ZachXBT immediately alerted Adloox to the issue. As a result, the malicious JavaScript files in Adloox’s CDN were removed, preventing further damage to users.

The growing sophistication of these phishing campaigns shows how crucial it is for users to stay one step ahead in the battle against cybercrime. Stay safe out there!

Elena R

Elena is an expert in technical analysis and risk management in cryptocurrency market. She has 10+year experience in writing - accordingly she is avid journalists with a passion towards researching new insights coming into crypto erena.

Recent Posts

Forget PEPE – Influencer Pepe (INPEPE) is the Future of Meme Coins with Real Utility!

PEPE hopped its way to a $3.8 billion market cap, but its reign as a…

April 3, 2025

Ripple (XRP) Eyes $10 as Ruvi AI (RUVI) Captures Investor Attention with Huge Growth Potential During Presale Phase 1

Ripple’s (XRP) recent rally from $2.00 to $2.20 has sparked excitement among cryptocurrency enthusiasts. This…

April 3, 2025

How High Can Influencer Pepe Go? Expert Predictions for 2025-2030!

The crypto circus has a new ringmaster: Influencer Pepe (INPEPE). This Pepe-the-Frog-inspired token is making…

April 3, 2025

Crypto Bloodbath: Solana, XRP, and Dogecoin Take Double-Digit Hits, Is Your Altcoin Safe?

The global cryptocurrency market took a major hit today, with the total market capitalization falling…

April 3, 2025

Just In: Michael Saylor Says ‘There Are No Tariffs on Bitcoin’

The cryptocurrency market took a nosedive Thursday, with Bitcoin and its digital cousins feeling the…

April 3, 2025

US Markets Face One of the Biggest Crashes- Here’s How the Crypto Markets & Bitcoin Price May React

The US markets are facing one of the biggest crashes, with over 4% loss in…

April 3, 2025