You are here

Cisco Uncovers $50 Million Phishing Scam

fishing hook

A group of Ukrainian hackers called Coinhoarder are being held responsible for stealing more than $50 million of cryptocurrency. The group set up fake versions of, one of the web’s most popular online wallets, and stole victims’ details.

Their exposure comes courtesy of Cisco, whose Talos team identifies new and developing cyber threats. In a blogpost Talos described the phishing technique, and the details of Cisco’s investigation. Coinhoarder would create fake ads then bid for keywords like “bitcoin wallet”. In this way they would “poison user search results” for Google searches related to cryptocurrency terms.

The ads would look similar to legitimate adverts, but the URLs would betray small differences. For example, in the case of the scammers would offer webpages at “” and “”. Once these links were followed, the user would find themselves on a fake website that looked near identical to the real one. If the user entered their details then the hackers could get access to their real wallets.

According to Cisco this business was simple and effective: “the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims.”

The six month investigation was carried out in partnership with the Ukrainian cyber police. During this time Cisco say that such schemes have “become increasingly common in the wild, with attackers targeting many different crypto wallets and exchanges.”

Cisco estimates that Coinhoarder have been operating for at least three years, during which they have probably raised over $50 million. Much of the stolen funds have come from the developing world. The report identifies that the adverts were specifically targeted towards “African countries and other developing nations where banking can be more difficult”. Also vulnerable were “countries whose first language is not English”.

According to Cisco, “Ukraine is a hotbed for many types of attacks” and the company has seen “a substantial rise in financial motivated campaigns coming from and targeting this region.

Phishing attacks have come to increased prominence in recent months. Kristov Atlas, an engineer at, says that “phishing is one of our top areas of concern in protecting our users.

Image From Shutterstock

Related posts

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.