Ukrainian cyber-thieves bagged $50mn in bitcoin phishing scam

Security analysts at the US technology corporation Cisco have exposed a bitcoin phishing scam, which involves web resources disguising themselves as one of the world's most popular online wallets, Blockchain.info.

Cisco has been investigating the case over the past six months in partnership with Ukrainian Cyber-police, according to the firm’s security experts Dave Maynor and Jeremiah O'Connor. Nearly $50 million was stolen by Ukrainian hackers over a three-year period through the so-called ‘Coinhoarder’ phishing scam.

“The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” they wrote in a blog post.

According to the analysts, the campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. “This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals,” the researchers wrote.

The perpetrators behind the attack would reportedly create websites similar to Blockchain but with different domain names, such as ‘block-clain.info’ and ‘blockchien.info,’ so that the casual user may not notice. After that, they could “leverage Google Adwords to poison user search results in order to steal users' wallets,” thereby directing more traffic to those pages.

The firm started tracing the group's activity in 2015 and said that “tens of millions of dollars” in digital currencies had been stolen since then. According to Cisco estimations, nearly $50 million has been stolen, including $2 million in less than four weeks last year.

“What is clear from the Coinhoarder campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide,” the researchers said.

For more stories on economy & finance visit RT's business section