Christina

Warning!! Crypto was stolen using "poison" Google ads

Hackers Stole $50 Million in Cryptocurrency Using 'Poison' Google Ads. The hackers are from Ukraine.



Image source: Ukrainian Cyberpolice



For example, the poison ads included “spoofed” links with small typos like “blokchien.info/wallet” and “block-clain.info,” which sent visitors to a landing page that mirrored actual websites of the company Blockchain, which runs both the domains Blockchain.info and blockchain.com. (The legitimate sites appeared lower in results than the “poisoned” links, according to Cisco’s report.)
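As an added illustration (not code from the article or from Cisco's report), a defender could screen links seen in ads or proxy logs for lookalikes of the two legitimate domains by edit distance. The function names, the distance threshold of 3 and the naive two-label domain extraction are assumptions of this example.

```python
from urllib.parse import urlsplit

# Legitimate domains named in the article; all other inputs are constructed.
PROTECTED = {"blockchain.info", "blockchain.com"}
BRAND_LABELS = {d.split(".")[0] for d in PROTECTED}


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]


def registrable_domain(link: str) -> str:
    """Last two host labels (assumption: no multi-part suffixes like co.uk)."""
    host = urlsplit(link if "//" in link else "//" + link).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(link: str, max_distance: int = 3) -> tuple:
    """Return (verdict, edit distance to the nearest protected brand label)."""
    domain = registrable_domain(link)
    if domain in PROTECTED:
        return "legitimate", 0
    # Hyphens are dropped first: "block-clain" pads the name with one.
    label = domain.split(".")[0].replace("-", "")
    distance = min(osa_distance(label, brand) for brand in BRAND_LABELS)
    verdict = "lookalike" if distance <= max_distance else "unrelated"
    return verdict, distance


if __name__ == "__main__":
    for link in ("blokchien.info/wallet", "block-clain.info",
                 "https://www.blockchain.com/wallet", "example.com"):
        print(link, classify(link))
```

A link flagged as a lookalike is a candidate for review or blocking, not proof of phishing; the threshold trades missed variants against false positives on short or common names.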

Fooled into believing they had come to the right place, victims then entered private information that allowed the hackers to gain access to their actual wallets and take their digital money. “The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” the Talos team led by Jeremiah O’Connor and Dave Maynor said in their report.

Cisco, which investigated the “massive phishing campaign” for more than six months in partnership with Ukraine’s Cyberpolice, noted that the Coinhoarder group’s method has since “become increasingly common in the wild, with attackers targeting many different crypto wallets and exchanges.” Schemes involving digital advertising prompted Facebook to ban all cryptocurrency ads earlier this year, and Google is also working to root out abusive ads, a spokesperson recently told Fast Company.


Phishing, which is just one of several techniques used to steal Bitcoin, is also deployed by the notorious North Korean hacking ring known as the Lazarus Group, which is likewise accused of perpetrating phishing attacks to steal cryptocurrency. Cisco found that the Coinhoarder scam disproportionately ensnared those from underbanked regions where cryptocurrency has caught on as an alternative means of storing wealth: Residents of African countries such as Nigeria and Ghana made up the majority of those who landed on the malignant websites.

In its report, Cisco also revealed some of the hackers’ own Bitcoin wallet addresses, to which it was able to trace the stolen funds with the help of Ukrainian law enforcement. Unmasking the actual thief or thieves is more difficult, as Bitcoin addresses are pseudonymous and don’t contain the name of the person to whom they belong. But Cisco’s Talos researchers are scouring the Internet for clues, including forums such as Reddit where Coinhoarder victims have discussed the theft. “While identifying the individual who owns a specific wallet is extremely difficult, we still can look for open source intelligence surrounding the wallet,” the researchers said in the report.

One day, victims might even be able to get their money back—though such happy outcomes are so far exceedingly rare.


Source: http://fortune.com/2018/02/14/bitcoin-cryptocurrency-blockchain-wallet-hack/

