Hackers Steal Over $50 Million from Bitcoin Wallet Users using Poisoned Google Ads

Posted on February 15, 2018 at 7:16 PM


A cybersecurity firm has discovered that hackers used poisoned Google ads to steal over $50 million worth of cryptocurrency from blockchain.info users.

One of bitcoin’s best and worst features is its enhanced anonymity. While it affords users more privacy than traditional transactions, the convenient feature has also been exploited by malicious actors to steal cryptocurrencies from unsuspecting victims’ wallets without any fear of being caught out. However, the cybersecurity firm, Cisco, has recently revealed a group of hackers responsible for an elaborate attack which has so far stolen millions from bitcoin wallet users.

Hackers exposed

In a report published earlier this week, the Cisco Talos team revealed that a Ukraine-based hacking group, known as Coinhoarder, has been stealing cryptocurrency from blockchain.info users. Blockchain.info is one of the most popular crypto wallet solutions available, and Coinhoarder has been abusing this service's name to steal more than $50 million from its users.

According to the report, Coinhoarder executed this hacking campaign using a simple yet effective technique. The hackers bought ads that contained certain popular keywords related to cryptocurrency. After buying the ads, hackers could poison the victim’s search results and display the compromised ads when a user googled terms such as “bitcoin”, “wallet”, or “blockchain”. The malicious ads would show up and mislead users into thinking that they were being redirected to a legitimate website of blockchain.info wallet services.

Every poisoned ad included fraudulent links that posed as the legitimate blockchain.info website; for example, some links were written as “block-clain.info” or “blockchien.info/wallet”. After users clicked on the fraudulent links, they were directed to a landing page which once again imitated the legitimate blockchain.info website. Interestingly, the Cisco Talos report notes that the legitimate website was actually displayed in a lower position on the search results page than the fraudulent ads.
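For defenders, the lookalike pattern described above (an inserted hyphen or a one- or two-character swap in the brand name) can be flagged automatically in proxy logs or ad-click URLs. The following Python sketch is an added example, not code from the Talos report; the distance threshold, the function names and the two-label domain heuristic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PROTECTED = ("blockchain.info",)  # brand domain named in the article
MAX_DISTANCE = 2                  # assumed threshold; tune per brand


def registrable_domain(url):
    """Return the last two host labels (assumes a single-label TLD such as .info)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Plain Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(url):
    """Label a URL as 'legitimate', 'lookalike' or 'unrelated'."""
    domain = registrable_domain(url)
    if domain in PROTECTED:
        return "legitimate"
    # Hyphens are a cheap way to break exact matching, so compare without them.
    squeezed = domain.replace("-", "")
    if any(edit_distance(squeezed, brand) <= MAX_DISTANCE for brand in PROTECTED):
        return "lookalike"
    return "unrelated"


def triage(urls):
    """Return only the URLs that look like impersonations of a protected brand."""
    return [u for u in urls if classify(u) == "lookalike"]


# Constructed sample input: the two lookalikes quoted in the article plus controls.
SAMPLE = ["block-clain.info", "blockchien.info/wallet",
          "https://www.blockchain.info/wallet", "https://bitcoin.org/en/"]

if __name__ == "__main__":
    for u in SAMPLE:
        print(f"{classify(u):10s} {u}")
```

The two-label heuristic does not handle multi-label suffixes such as .co.uk, nor hosts that embed the brand as a subdomain of an unrelated domain; a production check would use a public-suffix list.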

After victims had been sufficiently misled, they subscribed to the fraudulent wallet service and entered all their personal details and private keys, which enabled the hackers to access their actual wallets and empty their funds. According to Cisco Talos researchers Dave Mayor and Jeremiah O’Connor, Coinhoarder simply had to continue buying more Google ads to continue tricking victims and stealing millions worth of cryptocurrency.

More attacks in the future

According to the report, Cisco Talos has been investigating this hacking campaign together with the Ukrainian cyberpolice for the past six months. What makes this new hacking campaign more alarming is the fact that this technique has become increasingly common and popular among the hacking community. While Facebook recently banned all cryptocurrency ads, Google ads remain a major problem. However, according to a Google spokesperson, the company is currently working on a system that will eradicate all fraudulent ads.

The Coinhoarder hacking campaign has been active for three years, but as the bitcoin price climbed to reach prices of up to $20,000 last year, the frequency of attacks increased as well. Coinhoarder stole over $10 million worth of cryptocurrency between September and December 2017 alone. In a particularly lucrative burst of activity, the hackers stole $2 million in less than a month. According to Talos’ estimations, the hackers’ total stolen funds amount to over $50 million.

Several hacking groups have been chasing bitcoin and other cryptocurrencies ever since the dramatic price increase of 2017. For example, the North Korean state-sponsored hacking group, known as Lazarus Group, has been using a mixture of phishing attacks and other techniques to steal millions of cryptocurrency coins from exchanges and individual users alike. According to the Cisco Talos report, the hackers targeted individuals who were likely to use a cryptocurrency wallet due to their country’s lack of widespread access to banks. African countries, such as Ghana and Nigeria, were particularly targeted.

The Talos report also included some of the hackers’ wallet addresses which they used to trace the stolen cryptocurrency. However, it might be impossible to ever find the true perpetrators as the hackers likely created the bitcoin wallet addresses using pseudonyms. Even so, Talos will continue to search for intelligence regarding the source of the attacks.

Publisher Name
Koddos