Misspelled “Soneium” Google Search Puts Crypto Wallets at Risk: Scam Sniffer

A simple typo could cost you your cryptocurrency. Web3 security firm Scam Sniffer has discovered a malicious link targeting Google users searching for Sony’s new blockchain, Soneium.

According to Scam Sniffer, a Google-sponsored ad that appears when users search for “Soneium” but misspell it as “someium,” directing them to a fraudulent website. This site, masquerading as a legitimate link, is a crypto wallet drainer designed to steal funds.

In an October 22 post on X (formerly Twitter), Scam Sniffer shared their findings: “Searched for Soneium on Google, clicked a phishing ad. Phishing always happens when you’re not paying attention, even if you mistakenly spell ‘Soneium’ as ‘someium.'”

Source: X

Scam Sniffer revealed that the phishing link used a domain suffix different from Soneium’s official website. The fraudulent page appeared as a basic, unfinished site for a British-based radiology service.

The creators of this malicious website employed specific tactics to avoid detection. Scam Sniffer explained, “It’s hard to see it unless you are targeted, and that’s why Google couldn’t know about it.”

Soneium is Sony’s Ethereum Layer 2 blockchain, developed by Sony Block Solutions Labs, a joint venture between Sony and Startale Labs. The blockchain entered its test net phase in August 2024.

Transak, a fiat-to-crypto payment gateway provider, has discovered a security breach affecting 92,554 of its users. The event resulted from a sophisticated phishing attack on one of the company’s employees.

In its statement issued on October 21, the company expressed its concern over the breach. “We understand how disappointing and frustrating this situation is for our affected users,” Transak said. “Our top priority is to ensure user safety, and we are taking all necessary steps to fix any vulnerabilities and prevent such incidents in the future.”

Source: Transak

According to a Transak statement, the attackers were able to get an employee’s credentials, which they then used to access the systems of a third-party KYC (Know Your Customer) vendor. For Transak, this provider manages scanning and document verification services. After entering the vendor’s platform, the attackers were able to obtain private user data kept in the dashboard.

Personal information like names, birth dates, user pictures, and scanned copies of passports and other identification documents were among the compromised data. The corporation claims that 1.4% of its user base is comprised of these impacted users.

The Soneium and Transak incidents are among several notable phishing attacks of this year. Earlier this month, Scam Sniffer reported that $46 million in cryptocurrency was stolen in September alone, affecting 10,800 victims of phishing scams. Over the third quarter of 2024, a staggering $127 million was stolen from crypto investors, with Ethereum wallets being a primary target.

In April, Scam Sniffer highlighted a similar phishing campaign in which over $4 million was stolen in just a few weeks. Scammers purchased domain names resembling popular crypto platforms, making slight changes that tricked users into clicking on malicious links.

ASIC, the Australian Securities and Investments Commission, is warning small businesses to be on the lookout for more complex frauds such as investment fraud, fake billing, and remote access schemes.

Companies reported 4,933 frauds to the Australian Competition and Consumer Commission (ACCC) in 2023, a 27.9% rise from the year before and $29.5 million in losses. Interestingly, $17.3 million of these losses came from small and microfirms. False billing ($11.8 million), investment scams ($6.2 million), and remote access scams ($4.9 million) caused the most damage.