Cryptocurrency theft is becoming a serious problem worldwide as the industry continues to grapple with issues of integrity, stability and regulation, even as the underlying blockchain technology seemingly becomes more mainstream with every passing day. After Japanese exchange firm Coincheck was hit by a massive cryptocurrency heist last month, a report published by Cisco’s Talos cyber-security team now suggests that users of the popular online digital wallet Blockchain.info have also been hit by a phishing scam amounting to a whopping $50 million.
Talos apparently discovered the scheme in February 2017, when it noticed that phony sites were attracting “over 200,000 client queries” per hour. The researchers also describe the scam as “unique”, because it leveraged the power of Google AdWords to carry out the heist. According to Talos and the Ukrainian cyber police, Google AdWords displayed fraudulent ads from a Ukrainian cyber-crime group called ‘Coinhoarder’ at the top of search pages for users who Googled ‘blockchain’ or ‘bitcoin wallets’.
According to the researchers, the ads contained “gateway phishing links … that would redirect to a lander page (when clicked on) and serve phishing content in the native language of the geographic region of the victim’s IP address”. As can be seen above, the cyber-criminals used domain names like ‘blockchien[.]info’ or ‘block-clain[.]info’ that closely resemble the name of the genuine website, but were allegedly set up by Coinhoarder. Over time, the operation became more sophisticated, with the criminals using bogus SSL certificates alongside various techniques, such as ‘typosquatting’, ‘brand spoofing’, and ‘homograph attacks’.
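For defenders, the lookalike domains quoted above can be flagged in DNS or proxy logs by comparing each observed domain against the genuine one. The following is an added example, not code from Talos or from this article: the function names, the distance threshold of 2, and the "last two labels" shortcut for the registered domain are assumptions, and every sample domain other than the two quoted in the article is constructed.

```python
BRAND = "blockchain.info"  # the genuine domain named in the article

def normalise(domain):
    """Refang, lowercase, and decode punycode (xn--) labels to Unicode."""
    labels = []
    for label in domain.strip().lower().replace("[.]", ".").rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, max_distance=2):
    """Return 'genuine', 'typosquat', 'homograph' or 'unrelated'."""
    name = normalise(domain)
    # Assumption: the last two labels are the registered domain
    # (a production check would consult the Public Suffix List).
    registered = ".".join(name.split(".")[-2:])
    if registered == brand:
        return "genuine"
    if edit_distance(registered, brand) > max_distance:
        return "unrelated"
    # Close to the brand but spelled with non-ASCII characters: homograph.
    return "typosquat" if registered.isascii() else "homograph"

# Constructed sample; only the two [.]info lookalikes come from the article.
SAMPLE = ["www.blockchain.info", "blockchien[.]info", "block-clain[.]info",
          "bl\u043eckchain.info", "example.org"]  # \u043e is Cyrillic 'o'

def scan(domains):
    """Map each suspicious domain to its verdict."""
    verdicts = {d: classify(d) for d in domains}
    return {d: v for d, v in verdicts.items() if v in ("typosquat", "homograph")}

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE).items():
        print(f"{verdict:10} {domain!a}")
```

Edit distance alone does not catch brand spoofing that embeds the genuine name inside a longer, unrelated domain, so this check complements rather than replaces reputation and certificate monitoring.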
After managing to track down the wallet addresses of the scammers, the researchers believe that the group has been going about its merry way since “at least 2015”. According to the researchers, hackers allegedly stole $10 million worth of Bitcoin from September 2017 to December 2017, as can be seen in the screenshot below.
While Google is yet to comment officially on this issue, crypto-phishing scams are becoming increasingly common on a number of different platforms, not just Google. Only recently, Twitter expunged a lot of accounts believed to be associated with such scamsters who were impersonating well-known leaders of the cryptocurrency industry, like Ethereum creator Vitalik Buterin and Litecoin creator Charlie Lee.