Cisco: Bitcoin Phishing Scam Bagged $50 Million Over 3 Years

Cisco has released new information about a bitcoin phishing scam that involves websites masquerading as Blockchain.info.

AccessTimeIconFeb 15, 2018 at 7:00 a.m. UTC
Updated Aug 18, 2021 at 8:12 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Security researchers at Cisco have released new information about a bitcoin phishing scam that involves websites masquerading as Blockchain.info, the popular online wallet service.

In a blog post published Wednesday, Dave Maynor and Jeremiah O'Connor detailed the Coinhoarder phishing scam, which they said Cisco has been investigating in the past six months in partnership with the Ukrainian Cyberpolice. All in all, they said that those behind the scam had netted $50 million in cryptocurrency over a three-year period.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • "The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims," they wrote. "This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals."

    As shown in the blog, those behind the attack would create websites similar to Blockchain but with different domain names – "block-clain.info" and "blockchien.info" among them – that the casual user may not notice. They then "leveraged Google Adwords to poison user search results in order to steal users' wallets," thereby directing more traffic to those pages.

    Cisco traced the group's activity back to as early as 2015 and estimated that "tens of millions of dollars" in cryptocurrency had been stolen since that year. They indicated that as much as $50 million had been stolen, including $2 million in less than 4 weeks during one period last year.

    "What is clear from the COINHOARDER campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide," the firm concluded.

    Image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.