The biggest online advertising fraud in history, and how blockchain can make ad fraud history

The Methbot operation, the largest instance of digital advertising fraud, reveals the need for disruption in the ad industry. Blockchain-based ad networks like AdEx could be the solution.

The biggest online advertising fraud in history, and how blockchain can make ad fraud history

What the advertising industry can learn from the biggest online ad scam of all times is that it’s time for a discruption and for more blockchain-based ad networks like AdEx

In September 2016, the digital advertising security firm White Ops noticed some peculiar activity by a bot they had previously flagged for monitoring.

Up until that point, the bot had been generating low-volume automated web traffic, until this activity began to grow aggressively very quickly.

Within a few of weeks of the bot’s increased activity was spotted, the bot began to generate impressions at a mind-blowing pace and spread across different platforms, producing 3 to 5 billion bid requests per day, making its creators between $3 — $5 million/day.[1]

To date this bot, now named Methbot, is the larges discovered instance of digital advertising fraud in the world.

The Methbot ad fraud scheme in a nutshell

The Methbot operation can be summarized in three steps:

  1. Methbot selected premium domains and created counterfeit pages that resembled the original URLs.
  2. Using standard advertising practices, the bots requested video ads from ad networks.
  3. A bot farm then produced fake views and ad clicks.

The fraudulent scheme, designed and executed by a group of Russian cyber-criminals, known as “AFK13”, was planned to the very last detail. The group first created over 6,000 domains and 250,000 distinct URL addresses that resembled those of legitimate publishers like,,, etc. However, everything that could be hosted on those pages, was video ads.

These fake domains were then able to trick ad-serving algorithms into placing profitable ads on them and the phony pages were favoured over big name brands by the algorithms. This is huge, as video advertising on premium publishers is one of the most expensive types of online advertising.

Meanwhile, AFK13 invested in a bot farm that faked traffic from 570,000+ “viewers” who would “watch” as many as 300 million video ads a day, with an average CPM* of $13.04 (CPM: Cost per mille; the cost advertisers pay for every thousand views of an ad). The bots mimicked human behavior when it came to clicks, mouse movements, etc.

Why did Methbot fool ad networks

The reason Methbot was able to operate undetected is simple: it was simply very smart. AFK13 developed a complex infrastructure that easily fooled programmatic advertising networks. These networks have very basic fraud-protection mechanisms and detailed information about said mechanisms is rarely disclosed to advertisers.

Google, for example, explains that they use both algorithmic and manual analysis to prevent ad fraud and invalid clicks/traffic. They claim that “the vast majority of all invalid clicks on AdWords ads are caught by our online filters. These filters are constantly being updated and react to a wide variety of traffic patterns and indications of click fraud attacks”[2] but disclose no other details.

Facebook is even more concise: “We do a few things to reduce the risk of abuse from invalid clicks and help improve your ad performance like capping the number of times any ad is shown to a person, regardless of whether they click on the ad.” [3]

Then there are companies like White Ops that offer advertising security services. These usually monitor browser environments and look for data inconsistencies. If they catch any deviation, for example a user claiming they are using a Chrome browser but the browser is behaving inconsistently, they would investigate further.

As we mentioned, though, Methbot was taught to behave in a coherent way and to fake browser behavior so fraud detection companies would not flag its activity. Here is a more comprehensive explanation by White Ops:

To avoid detection, the group developed and cultivated an array of infrastructure dedicated to the Methbot ad fraud operation. Instead of the more traditional malware botnet structures, which involve attacks on existing IP addresses and piggybacking on residential computers, Methbot operators farm out their operations across a distributed network based on a custom browser engine running out of data centers on IP addresses acquired with forged registration data. Using these forged IP registrations has allowed the Methbot operation to evade typical datacenter detection methodology. This marks an innovation that transcends beyond traditional botnets, allowing Methbot to scale beyond anything the industry has seen before and placing it in a new class of bot fraud.

This said, AFK13 took any precaution they could to ensure the smooth operation of Methbot and make millions in ad fraud.

Who was affected

The party most affected by AFK13’s scheme was advertisers as they were the ones billed by ad exchanges for ads that were never shown to their intended audiences.

There is a slim chance that advertisers will see back any of the money AFK13 was able to pocket with the help of Methbot. As White Ops’ COO Eddie Schwartz noted for a Forbes piece, “historically… it’s been challenging to get cooperation with Russia to prosecute cyber-related crimes.”

However, ad buyers were not the only victims of the operation. Respected premium publishers lost the potential profits they would have realized had the video ads been placed with them, instead of on the fake sites created by the cyber-criminals.

Ad platforms, analytics firms and advertising fraud detection vendors had their reputations slashed for allowing this to happen. As a result, advertisers and publishers are less likely to trust them, and this is bad for the entire digital advertising industry.

How can ad fraud be prevented

As ingenious as Methbot is as a scheme, its existence could have been prevented by ad-serving networks leveraging technology such as asymmetric encryption, machine learning and more sophisticated authentication. In reality, however, ad exchanges are slow to adapt to such technological challenges.

At the same time, ad fraud is only growing, making room for a shift in the contemporary ad industry paradigm.

This is where blockchain technology and solutions like AdEx come in. An ad exchange built on the fundament of a decentralized, fully traceable ledger of advertising transactions could save the industry billions of dollars in ad fraud and would contribute to an online advertising marketplace that is beneficial for all of its participants.

Interested in AdEx? Follow us:
Discord | Twitter | Reddit | GitHub | Facebook

[1] The Methbot Operation whitepaper by White Ops

[2] Google’s Protection against Invalid Clicks

[3] How does Facebook prevent and detect invalid clicks?