Security researchers at Cisco have released new information about a bitcoin phishing scam that involves websites masquerading as Blockchain.info, the popular online wallet service.
In a blog post published Wednesday, Dave Maynor and Jeremiah OâConnor detailed the Coinhoarder phishing scam, which they said Cisco has been investigating in the past six months in partnership with the Ukrainian Cyberpolice. All in all, they said that those behind the scam had netted $50 million in cryptocurrency over a three-year period.
âThe campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,â they wrote. âThis campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals.â
As shown in the blog, those behind the attack would create websites similar to Blockchain but with different domain names â âblock-clain.infoâ and âblockchien.infoâ among them â that the casual user may not notice. They then âleveraged Google Adwords to poison user search results in order to steal usersâ wallets,â thereby directing more traffic to those pages.
Cisco traced the groupâs activity back to as early as 2015 and estimated that âtens of millions of dollarsâ in cryptocurrency had been stolen since that year. They indicated that as much as $50 million had been stolen, including $2 million in less than 4 weeks during one period last year.
âWhat is clear from the COINHOARDER campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide,â the firm concluded.
Image via Shutterstock
