Bitcoin Forum
Topic: Hackers Stole $50 Million in Cryptocurrency Using 'Poison' Google Ads
alyssa85
February 16, 2018, 01:31:35 PM
 #1

http://fortune.com/2018/02/14/bitcoin-cryptocurrency-blockchain-wallet-hack/

Quote
For years, hackers have robbed Bitcoin investors, emptying their cryptocurrency wallets without fear of being caught thanks to the relative anonymity of the blockchain. Now, Cisco (csco, +5.04%) has exposed the thieves behind a string of particularly flagrant attacks.

A Ukrainian hacker group dubbed Coinhoarder has stolen more than $50 million in cryptocurrency from users of Blockchain.info, one of the most popular providers of digital currency wallets, according to a report published Wednesday by Cisco’s Talos cybersecurity team.

The report explains how thieves preyed upon their victims using a “very simple” yet treacherous technique: Buying Google ads on popular search keywords related to cryptocurrency “to poison user search results” and snatch the contents of crypto wallets. This meant people Googling terms like “blockchain” or “bitcoin wallet,” saw links to malicious websites masquerading as legitimate domains for Blockchain.info wallets.

For example, the poison ads included “spoofed” links with small types like “blokchien.info/wallet” and “block-clain.info,” which sent visitors to a landing page that mirrored actual websites of the company Blockchain, which runs both the domains Blockchain.info and blockchain.com. (The legitimate sites appeared lower in results than the “poisoned” links, according to Cisco’s report.)

Fooled into believing they had come to the right place, victims then entered private information that allowed the hackers to gain access to their actual wallets and take their digital money. “The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” the Talos team led by Jeremiah O’Connor and Dave Maynor said in their report.

Blockchain, for its part, is working with Google “on a daily basis” to take down phishing ads, and secured the removal of almost 10,000 such malicious websites last year, along with another 3,000 it flagged in January alone, according to Blockchain CEO and co-founder Peter Smith.

The solution to this is not using Google to navigate. If you already have an account at blockchain.info or an exchange, BOOKMARK the url and go straight to that instead of googling the exchange name.

First77
February 16, 2018, 01:37:36 PM
 #2

Google made profits from those "poison ads" ??
bit-freedom
February 16, 2018, 01:55:50 PM
 #3

Thank you for sharing. Such phishing websites affect not only Blockchain.info but also the other popular exchanges and ICO project websites. We have to be careful about the websites accessed and use bookmarks.


kaizerblitz
February 16, 2018, 02:18:54 PM
 #4

That's nasty. Hackers stole $50 million of cryptocurrency. I feel so sad for those victims. I hope they think before they click, because the internet is dangerous.

@bi5ML
February 16, 2018, 02:21:59 PM
 #5

A phishing attack on Blockchain: does it not enable Google Authentication? The Blockchain wallet is very safe; the risk of hackers is very small. In this case the user must recognize where the attack started, whether from a phishing email or anything else.
alyssa85
February 16, 2018, 02:23:39 PM
 #6

Quote from: First77
Google made profits from those "poison ads" ??

Yes. Google makes a small profit every time someone clicks an ad.

The hackers paid google by the click, and they probably thought it was very cheap for the gains they were making through hijacking people's wallets.

Like I said: bookmark the urls of the exchanges you use. Don't google them.

Lucius
February 16, 2018, 02:37:11 PM
 #7

This is a very popular way to deceive users and steal their user names & passwords, and it turned out to be a very inexpensive and effective way. In the last months many people reported here on the forum and on Reddit that after they downloaded the Electrum wallet (as an upgrade), or as a first-time wallet, their BTC was sent in a transaction in a matter of a few minutes. So many checked what was going on, and we see that if you search for "Electrum" in Google search, the first result is a paid ad from Google which is always a phishing site with a fake wallet.

I reported more than 15 such sites related to Electrum, but a new one pops up every day, and newbies are perfect targets for such a trap.

If you see something like that, report it here: Report Phishing Page


hatshepsut93
February 16, 2018, 02:37:17 PM
 #8


Quote from: alyssa85
The solution to this is not using Google to navigate. If you already have an account at blockchain.info or an exchange, BOOKMARK the url and go straight to that instead of googling the exchange name.

Google has a lot of flaws, but all other search engines are much worse in quality, so abandoning Google is not an option for most people. You are right about bookmarking, but there are also additional practices like: using adblockers, ignoring ads manually (basically, just never clicking on them if they appear), verifying SSL. The biggest risk of getting scammed by malicious search results is when you use a service for the first time, so before depositing your coins or installing some software, users should always verify that these are the official sites by searching for mentions across the web and verifying signatures when possible.

coinsocieties
February 16, 2018, 02:43:15 PM
 #9

Quote from: alyssa85
The solution to this is not using Google to navigate. If you already have an account at blockchain.info or an exchange, BOOKMARK the url and go straight to that instead of googling the exchange name.

This is a good reason why we need to be careful every time we open our wallet on a website. For me, as I always use myetherwallet as a wallet for some ERC20 tokens, I bookmark the URL and double check that the main URL is correct before I input my private key, so that I can be sure that this is not a fcking phishing site. I do the same thing with blockchain.info and my other wallets. How sad for the people who lost their money in just a second, while it takes years to bank it.

Payapa
February 16, 2018, 02:45:22 PM
 #10

We see ads everywhere on the net nowadays. It's not surprising that hackers could utilize them, since they're a thing we see all the time, yet we are not vigilant enough to notice them and their actions. I guess the lesson here is to double-check the domains of where you're going on the net, especially if it's anything connected to crypto. Hardware/paper wallets are recommended since there's no way for hackers to get into them other than getting their hands on the actual wallet in person. Bookmarking is one good way too, to avoid searching, as is storing your private key somewhere that's not the machine you're using for browsing.

LoyceV
February 16, 2018, 02:48:14 PM
 #11

Quote from: First77
Google made profits from those "poison ads" ??

Quote from: alyssa85
Yes. Google makes a small profit every time someone clicks an ad.

It would be interesting to see what happens if someone sues Google over this. For example, if you search for "ChipMixer" (the one in my signature is the real one), Google advertises a phishing website. I have reported the phishing site to Google on December 15, 2017, and I know other people have reported it too. Google simply ignores it, allows scammers to advertise, and earns from this. Doesn't that make Google responsible for all people who get scammed since the fake site was first reported?

Quote from: Lucius
If you see something like that, report it here: Report Phishing Page

They don't seem to care about people getting scammed, as long as they earn from it.

ostrovagaly
February 16, 2018, 02:48:43 PM
 #12

DDoS attacks and phishing attacks inflict damage on a system that is not quite securely protected. In such cases, if a large amount is in the purse, you should check it every half day, so that it's not scary for your income.

Kprawn
February 16, 2018, 02:54:09 PM
 #13

Quote from: alyssa85
The solution to this is not using Google to navigate. If you already have an account at blockchain.info or an exchange, BOOKMARK the url and go straight to that instead of googling the exchange name.

NOPE!!!! Do not Bookmark these sites, because even Bookmarks can be changed. This will only create a false sense of security, if people trust their own Bookmarks. Just type the damn URL and stop being lazy, because it is going to cost you money. Also, DO NOT trust auto complete. These viruses or Malware can change the auto complete data too and then re-direct you to the Phishing site. Use your eyes and double check the URL you typed. Blockchain.info takes 3 to 4 seconds to type for average users... that is definitely not that much trouble.

First77
February 16, 2018, 02:58:47 PM
 #14

Google should really have a manual verification process for untrusted ad partners, ensuring that they are not mimicking similar services, or sites that cater for sensitive information. To some degree, I think Google is responsible for the losses incurred by these users. To be honest though, you need to be pretty stupid to be fooled by the old domain switcheroo attack. e.g. www.blockchain.info.xyz could be used instead of the actual domain. Most browsers even highlight the domain extension and flag up potentially malicious sites. So these people must be either 1. Woefully ignorant, 2. Not adequately secured, or 3. Both.

Google has multi-billion-dollar software which shows "google ads" all over the internet. They track users' activities on the internet and "google ads" become headaches. Google has been responsible for killing "internet marketing".

Why click/see google ads ?
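The domain check that several posters describe doing by eye, as an added example that is not part of the original thread: it classifies a URL against the two legitimate domains named in the quoted article and flags both the misspelled names from the article and the "www.blockchain.info.xyz" trick mentioned in post #14. The 0.3 threshold, the function names and the rule that the registered name is the second-to-last label (no public suffix list) are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Legitimate domains named in the quoted article.
TRUSTED = ("blockchain.info", "blockchain.com")
# Assumed threshold: edits tolerated per character of the brand label.
MAX_RATIO = 0.3


def levenshtein(a, b):
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def hostname(url):
    """Lower-cased host of a URL or of a bare 'host/path' string."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url):
    """Return 'trusted', 'embedded-brand', 'lookalike' or 'unknown'."""
    host = hostname(url)
    # 1. The trusted domain itself, or a real subdomain of it.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # 2. Trusted name used as leading labels of some other domain,
    #    e.g. www.blockchain.info.xyz (registered name is info.xyz).
    for t in TRUSTED:
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return "embedded-brand"
    # 3. Near miss of the brand label. Assumption: the registered name is
    #    the second-to-last label; hyphens are ignored before comparing.
    labels = host.split(".")
    if len(labels) >= 2:
        sld = labels[-2].replace("-", "")
        for t in TRUSTED:
            brand = t.split(".")[0]
            if levenshtein(sld, brand) / len(brand) <= MAX_RATIO:
                return "lookalike"
    return "unknown"


# Sample input: the spoofed names quoted in the thread plus constructed
# URLs for the legitimate and unrelated cases.
SAMPLES = [
    "https://blockchain.info/wallet",
    "https://www.blockchain.com/",
    "blokchien.info/wallet",
    "block-clain.info",
    "http://www.blockchain.info.xyz/login",
    "https://electrum.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):15} {url}")
```

A result of "unknown" only means the name is not close to an entry in this allowlist; it says nothing about whether the site is safe.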
First77
February 16, 2018, 03:08:01 PM
 #15

Quote from: alyssa85
Yes. Google makes a small profit every time someone clicks an ad. The hackers paid google by the click, and they probably thought it was very cheap for the gains they were making through hijacking people's wallets.

Why do people click/see google ads.

Other ways such as "forum signatures" are safer than google ads.

Quote from: alyssa85
Like I said: bookmark the urls of the exchanges you use. Don't google them.

Use and throw google.com
First77
February 16, 2018, 03:14:31 PM
 #16

Quote from: LoyceV
It would be interesting to see what happens if someone sues Google over this. For example, if you search for "ChipMixer" (the one in my signature is the real one), Google advertises a phishing website. I have reported the phishing site to Google on December 15, 2017, and I know other people have reported it too. Google simply ignores it, allows scammers to advertise, and earns from this. Doesn't that make Google responsible for all people who get scammed since the fake site was first reported? They don't seem to care about people getting scammed, as long as they earn from it.

The main problem is Google's multi-billion-dollar software, which rules the internet and keeps showing/bombarding "google ads" all over the internet.
brengoskandel
February 16, 2018, 04:43:30 PM
 #17

One thing I hate most in the internet world is hackers; they abuse their intelligence to harm many parties. They hack the system, steal valuable assets, as well as valuable information that is neatly stored, with the intention of pleasure or to gain profit for themselves, and now I feel very anxious when doing transactions. They can come anytime, pick up and leave without leaving a trail and without feeling guilty.
DdmrDdmr
February 16, 2018, 04:55:13 PM
 #18

Google Ads should include a reputation score of some sort. This way the well known companies with legit ads could be identified by us users easily, while scrutinizing the rest.
Also Google should work on shutting down ads that link to scams (i.e. no reputation + x amount of negatives -> shutdown), similarly to how antiviruses do.

newinbtc
February 16, 2018, 05:05:03 PM
 #19

How google improve the website without any verification? If we place an ad with the same keyword with a high bid, that person always wins. In this Google made money. But at least we people must watch whether the address we are opening is right or wrong. In most cases I have seen, people search a word and open the first website which Google shows, and it was an ad. Google gets paid and that website tell all traffic.

Always bookmark the URLs you often visit, otherwise we will lose our secure funds, and always install proper internet security antivirus.
Daveeoff
February 16, 2018, 05:16:36 PM
 #20

Google need to tighten their security regarding advertising. They cannot let websites like this use Google Adsense...
