Malicious Google ad campaign redirects crypto users to fake Pudgy Penguins website

Blockchain security experts have uncovered a new scam that uses malicious Google ads to trick crypto users into visiting the fake Pudgy Penguins website.

A new scam targeting crypto users has been uncovered, with analysts at blockchain security firm Scam Sniffer warning that bad actors are exploiting Google’s ad network to serve malicious ads.

In an X thread published on Wednesday, analysts explained that the malvertisements contain suspicious JavaScript code that checks whether the viewer has a crypto wallet. If a wallet is detected, the code redirects users to a fake website that mimics the legitimate website of Pudgy Penguins, a non-fungible token collection of 8,888 unique tokens depicting chubby cartoon penguins.

🚨 EMERGENCY SAFETY ALERT 🚨

1/6 A user reported being redirected to a fake site @pudgypenguins Website via Singapore news portal. Our investigation revealed that this was part of a larger malvertising campaign. pic.twitter.com/Izv3f87WrX

— Fraud Detector | Web3 Anti-Scam Protection (@realScamSniffer) December 25, 2024

Once users are redirected to the fake website, scammers can steal personal information or persuade victims to link their wallets, allowing unauthorized access to withdraw funds.

The current target of the scam is Pudgy Penguins users, but Scam Sniffer warned that this method could easily be adapted to target other crypto projects as well. Security experts advise crypto investors to always check website URLs carefully to avoid falling for similar scams. To stay safe, Scam Sniffer recommended using ad blockers, using a separate browser for web3 activities, and double-checking URLs before connecting a wallet.

The latest scam is part of a larger trend in which bad actors are leveraging Google Ads to trick crypto users. In one example, scammers impersonated the Revoke Cash recovery service using fake ads that redirected users to a fake site designed to steal funds. In another case, Google Ads was used to promote a fake version of the Whales Market crypto platform, redirecting users to a fraudulent site where their wallets were compromised.