Cyber criminals used Google AdWords to steal Bitcoins

Crooks stole $50 million in Bitcoins with the help of Google ads

Cyber criminals used Google Adwords to steal Bitcoins

Coinhoarder is a group of cyber criminals based in Ukraine who managed to steal $50 millions worth of Bitcoins. Crooks launched Google Adwords campaign at least three years ago and targeted the legitimate Bitcoin wallet service.

Criminals used phishing links and brand spoofing to trick users into clicking ads that appear on the top of the Google search results once someone types “blockchain,” “bitcoin wallet” or similar keywords.

The amount of stolen Bitcoins confirms that this phishing campaign was effective and convincing. According to the researchers from Cisco Talos, [1]these ads redirected to the sites in user’s native language which was detected based on his or her IP address.

The majority of targets are in Africa

The interesting fact is that cyber criminals targeted developing countries. The research tells that crooks aimed at African countries, such as Nigeria or Ghana. However, some European countries were among victims too, for instance, Estonia, Ireland or France.

Geographic targeting to developing countries is explained simply. For example, local currencies in African countries are more unstable than Bitcoins or other digital cash. What is more, attacking countries that are not native English speakers seems to be easier targets too.

However, Cisco Talos together with Ukraine’s law enforcement managed to identify and track criminals’ Bitcoin wallet addresses. During the monitoring between September and December 2017, criminals managed to steal around $10 millions worth of Bitcoins.

Researchers explain that phishing sites are created very well due to the usage of internationalized domain names (IDNs).[2] It’s nearly impossible to spot this scam, especially if user access spoofed websites via smartphone.

Thanks to the Ukrainian authorities, some of these sites were shut down. However, Coinhoarder group remains active and continues stealing money from Bitcoin investors.

Taking precautions to avoid suffering from Coinhoarder and other cryptocurrency phishing scams

While cryptocurrency is one of the hottest topics, cyber criminals will be looking for new ways how to stand in the middle. However, the exploitation of Google Adwords shows that criminals start applying advanced techniques to use perform their illegal jobs.

Security experts suggest to remain attentive and pay more attention to cyber security to avoid suffering from Bitcoin scam or fraud:[3]

  • Users should strengthen the security of cryptocurrency private keys by using hardware wallet.[4] Online websites are not the most secure place to store them.
  • Do not rush clicking links (especially on ads) to avoid being redirected to a phishing website.
  • Attentively investigate the website in order to check if you ended up on the legitimate site or not. Keep in mind that criminals learned how to create fake websites look perfectly fine.
  • Avoid clicking ads. When you are looking for crypto-currency related information, do not rush clicking ads. Chances to click on malicious ads are growing rapidly.[5] Additionally, you can install adblock that will ban all ads saving you from the fatal click on a fraudulent ad.

Finally, you should always access needed sites directly. Therefore, if you often visit, you should add it to your bookmarks and avoid using search engines to visit it.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions