Crypto users of the Terra (LUNA) network and its numerous DeFi protocols such as Anchor, Nexus, and Astroport, have become the target of a new phishing attack perpetrated using fake Google ads.
The phishing attack was identified and highlighted by the team at Slowmist, who also explained that numerous users of Terra lost close to $4.31 million in assets between the 12th and 21st of this month. Furthermore, the funds were transferred to a single address from 52 different transactions.
The team at SlowMist has analyzed the phishing attack and concluded that it stems from Google ads that pop up at the top of searches by users looking to find Terra, Anchor Protocol or Astroport Finance. The SlowMist team shared the following screenshot to further demonstrate their findings.
According to the team at Slowmist, the Google ads have links that look very normal. However, they redirect to a different domain that prompts users to connect their Terra wallets once clicked. They explained the sequence of events as follows:
These may look like normal ads and some even show the same domain names, but once you click on the link, the domain name actually changes. When clicked, it’ll prompt you to connect your wallet, however instead of connecting, users are asked to input their seed phrase.
The team at SlowMist recommends that users on Terra be extra cautious and avoid clicking on questionable links with questionable origins.