A single "yes" click on a Google prompt cost two cryptocurrency investors millions after they fell victim to sophisticated phone scammers impersonating Google support, reports Brian Krebs on KrebsOnSecurity.
Adam Griffin, a Seattle-area firefighter, lost $450,000 from his Exodus wallet after receiving a call from a fake Google representative. The scammer had called from an actual Google Assistant phone number and sent security alerts directly from google.com using Google Forms. After Griffin clicked "yes" on a Google prompt, the thieves gained access to his Gmail account – and discovered he had stored his cryptocurrency wallet's secret seed phrase as an image in Google Photos. Armed with this recovery phrase, they quickly drained his funds. When the crooks later attempted to steal an additional $100,000 from Griffin's Coinbase account, the platform's security measures caught and blocked the transaction.
Just days later, the same scam group struck again, this time phishing 45 bitcoins (worth $4.7 million) from Tony, a California father of two.