Feb 15, 2018 by Jake

One of the major disadvantages of blockchain is its relative anonymity, which allowed several hackers to rob Bitcoin investors. However, a lot of companies are doing significant progress in exposing them, by explaining the strategy behind their attacks.

Recently, a group of hackers from Ukraine, known as Coinhoarder, managed to steal more than $50 million in cryptocurrency from users of the Blockchain.info website, one of the most popular digital currency wallets providers. According to Fortune, the report was published this week, by Cisco’s Talos cybersecurity team.

Don’t click on any ad!

Apparently, thieves relied on a relatively simple technique: buying Google Ads on popular cryptocurrency-related keywords and phrases. By this, they were altering user search results and managed to get access to multiple crypto wallets.

Any user who was searching for terms like “blockchain”, “bitcoin wallet” or related got malicious websites as results, mirroring the legitimate Blockchain.info website and the wallets hosted there.

The ads included intentional typos, resulting in links like “blokchien.info/wallet” or “block-clain.info”, sending visitors to shady landing pages, where their information was being stolen. And their strategy was apparently very good, as these pages were appearing higher in searches than the legitimate domains Blockchain.info and blockchain.com, according to the report from Cisco.

Not paying enough attention to the URLs, victims entered private information, so it was very easy for hackers to gain access to the wallets and steal digital currency.

The strategy was actually very simple

The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” said the team led by Jeremiah O’Connor and Dave Maynor. They also added that, after investigating this phishing campaign for more than six months, the method is widely used by other groups as well, “become increasingly common in the wild, with attackers targeting many different crypto wallets and exchanges.”

The group of hackers worked like this for the past three years, but the entire strategy surged at the end of 2017, when Bitcoin was trading at almost $20,000. The report calculated the total damage done to users considering the price of crypto coins at the time of the theft.