Ads and insiders threaten crypto

- Security outlets report malicious Google Ads have been used to target crypto users with wallet drainers and seed-phrase theft tools.
- Industry commentators also warn insider threats remain a major vector for breaches and financial loss across organisations.
- These trends highlight simultaneous external social-engineering campaigns and internal risk exposures that need operational controls.

Crypto users are being hit from two directions at once: fake Google ads are stealing wallets, and trusted employees still hold the keys inside many firms. (gbhackers.com)

A wallet drainer is a phishing tool built for crypto. Instead of asking for a password, it gets a victim to connect a wallet and approve a transaction that hands control of funds to the attacker. (chainalysis.com)

Security group SEAL told GBHackers it blocked more than 356 malicious ad URLs in a few weeks, with campaigns peaking in March 2026 and continuing after Google suspended identified advertiser accounts. (gbhackers.com)

The ads often impersonate decentralized finance apps, wallet services, and hardware-wallet brands. SEAL said attackers used trusted Google properties such as Sites, Docs, and Business pages as visible wrappers while the real payload sat in hidden frames off-platform. (gbhackers.com)

Attackers are also buying or hijacking advertiser accounts to get those ads live. GBHackers reported SEAL had seen abused verified accounts sold on crime forums, including screenshots tied to large brands. (gbhackers.com)

That ad abuse fits a broader pattern in 2026. Google Cloud’s Mandiant said in February that UNC1069, a financially motivated group targeting crypto firms, used a compromised Telegram account, a fake Zoom link, and reported deepfake video in an intrusion against a financial-technology victim. (cloud.google.com)

Inside companies, the risk looks different but can end in the same kind of loss. ET CISO wrote on April 23 that insider threats include employees, contractors, or partners who already have authorized access and can leak data, damage systems, or expose information through carelessness. (ciso.economictimes.indiatimes.com)

The ET CISO piece cited a Wipro report saying insider threats rank among the top cyber worries for capital-markets firms, and a Gartner study saying financial gain motivates 62% of malicious insiders. It also said about one-third of malicious insiders had access to sensitive data and 14% held leadership roles. (ciso.economictimes.indiatimes.com)

Another recent signal is how hard the ad campaigns are to detect. GBHackers reported in February that researchers at Varonis found a cloaking platform called 1Campaign filtering out bots and investigators so that Google review systems saw harmless pages while selected users got phishing content; one observed campaign let only 10 of 1,676 visitors reach the malicious site. (gbhackers.com)

For crypto companies, that leaves two separate control problems on the same day: stopping strangers from tricking users into signing away assets, and limiting what trusted insiders can reach, move, or approve without checks. (chainalysis.com)
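
A triage check for the wrapper pattern SEAL describes, as an added example that is not from the article or from SEAL: for a landing page served from a Google property, it lists iframes that load from outside the platform and marks the ones hidden by markup. The host lists, the hiding heuristics and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumptions for this example: wrapper hosts, platform boundary, hiding markers.
WRAPPER_HOSTS = ("sites.google.com", "docs.google.com")
PLATFORM_SUFFIXES = ("google.com", "googleusercontent.com", "gstatic.com")
HIDDEN_STYLE = ("display:none", "visibility:hidden")

def on_platform(host):
    """True when host is one of the platform domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in PLATFORM_SUFFIXES)

def looks_hidden(attrs):
    """Heuristic: 'hidden' attribute, 0/1 pixel size, or a hiding inline style."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return "hidden" in attrs or tiny or any(m in style for m in HIDDEN_STYLE)

class FrameCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attrs = dict(attrs)
        # Resolve relative sources against the page so they count as on-platform.
        src = urljoin(self.page_url, attrs.get("src") or "")
        host = urlparse(src).hostname
        if host and not on_platform(host):
            self.findings.append(
                {"src": src, "host": host, "hidden": looks_hidden(attrs)})

def triage(page_url, html):
    """Return off-platform iframes found on a page served from a wrapper host."""
    if urlparse(page_url).hostname not in WRAPPER_HOSTS:
        return []
    collector = FrameCollector(page_url)
    collector.feed(html)
    collector.close()
    return collector.findings

# Constructed sample page, not taken from any real campaign.
SAMPLE_URL = "https://sites.google.com/view/constructed-wallet-help"
SAMPLE_HTML = """<h1>Wallet support</h1>
<iframe src="https://docs.google.com/forms/d/e/constructed/viewform"></iframe>
<iframe src="https://widgets.example/chart" width="600" height="400"></iframe>
<iframe src="https://drainer.example/connect" style="display: none"></iframe>"""
```

Calling `triage(SAMPLE_URL, SAMPLE_HTML)` returns the two off-platform frames, with only the `drainer.example` one marked hidden. Because of the cloaking the article describes, a fetch from a scanner may receive the harmless variant, so an empty result does not clear a page.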
