Bitcoin Forum
September 25, 2018, 10:07:04 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Hackers Stole $50 Million in Cryptocurrency Using 'Poison' Google Ads  (Read 153 times)
First77
Member
**
Offline Offline

Activity: 266
Merit: 32


View Profile
February 17, 2018, 12:55:13 AM
 #21

Google need to tighten their security regarding advertising. They cannot let websites like this use Google Adsense...

YES, less Google Adsense
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537913224
Hero Member
*
Offline Offline

Posts: 1537913224

View Profile Personal Message (Offline)

Ignore
1537913224
Reply with quote  #2

1537913224
Report to moderator
Fakhri1907
Newbie
*
Offline Offline

Activity: 280
Merit: 0


View Profile WWW
February 17, 2018, 01:13:28 AM
 #22

Ayay sir, i will bookmark my wallet website from now. Thank you for sharing this information
alyssa85
Legendary
*
Offline Offline

Activity: 1288
Merit: 1056


View Profile
February 17, 2018, 01:16:46 AM
 #23

Google made profits from those "poison ads" ??
Yes. Google makes a small profit every time someone clicks an ad.
It would be interesting to see what happens if someone sues Google over this. For example, if you search for "ChipMixer" (the one in my signature is the real one), Google advertises a phishing website. I have reported the phishing site to Google on December 15, 2017, and I know other people have reported it too. Google simply ignores it, allows scammers to advertise, and earns from this. Doesn't that make Google responsible for all people who get scammed since the fake site was first reported?


Perhaps report Google to the FTC? I think they regulate online advertising:

https://www.ftc.gov/tips-advice/business-center/advertising-and-marketing/online-advertising-and-marketing

First77
Member
**
Offline Offline

Activity: 266
Merit: 32


View Profile
February 17, 2018, 04:21:46 AM
 #24

Ayay sir, i will bookmark my wallet website from now. Thank you for sharing this information

Direct source/website is good. Use less Google
krishnaverma
Member
**
Offline Offline

Activity: 308
Merit: 56

★Bitvest.io★ Play Plinko or Invest!


View Profile
February 17, 2018, 07:08:24 AM
 #25

Google Adds should include a reputation score of some sort. This way the well known companies with legit adds could be identified by us users easily, while scrutinizing the rest.
Also Google should work on shutting down adds that link to scams (i.e. no reputation + x amount of negatives -> shutdown), similarly to how antiviruses do.

Google already has very strict mechanisms to detect such ads. As an internet marketer, I have suffered a lot because of their strict policies. They completely ban your Adwords account if they notice any suspicious activity like promoting scams or illegal offers. Sometimes people are able to find loopholes and these are exploited till Google notices and patches them.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ★ ★ ★ ★ ★ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
PLINKO    |7| SLOTS     (+) ROULETTE    ▼ BIT SPINBITVESTPLAY or INVEST ║ ✔ Rainbot  ✔ Happy Hours  ✔ Faucet
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ★ ★ ★ ★ ★ ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Sevarchik
Member
**
Offline Offline

Activity: 308
Merit: 10

The Future of Security Tokens


View Profile
February 17, 2018, 07:11:55 AM
 #26

Always hackers find new ways how to fool system, by this reason my recommendation never lost their actuality - Use dedicated laptop for wallet operations

Dudeperfect
Hero Member
*****
Offline Offline

Activity: 966
Merit: 531

★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile WWW
February 17, 2018, 07:23:29 AM
 #27

Exactly! if we have shown interest in the bitcoin or blockchain on social media then we are the part of huge ad-bombing taking place on these platforms. Phishing through platforms like FB, Google is still easy to conduct and it is really frustrating. The mass awareness is the only solution I do see when it comes to the issues like this one.

There is a huge power lies in Cryptocurrencies but as Uncle Ben says "With Great Power Comes Great Responsibility". In crypto we are responsible for our actions.

First77
Member
**
Offline Offline

Activity: 266
Merit: 32


View Profile
February 21, 2018, 03:28:29 PM
 #28

Always hackers find new ways how to fool system, by this reason my recommendation never lost their actuality - Use dedicated laptop for wallet operations

For years, hackers have robbed Bitcoin investors, emptying their cryptocurrency wallets without fear of being caught thanks to the relative anonymity of the blockchain. Now, Cisco (csco, +5.04%) has exposed the thieves behind a string of particularly flagrant attacks.
spiker777
Sr. Member
****
Offline Offline

Activity: 602
Merit: 254


Better. Quick. Transparent.


View Profile
May 16, 2018, 11:21:43 PM
 #29

Google should really have a manual verification process for untrusted ad partners, ensuring that they are not mimicking similar services, or sites that cater for sensitive information. To some degree, I think Google is responsible for the losses incurred by these users. To be honest though, you need to be pretty stupid to be fooled by the old domain switcheroo attack. e.g. www.blockchain.info.xyz could be used instead of the actual domain. Most browsers even highly the domain extension and flag up potentially malicious sites. So these people must be either 1. Woefully ignorant, 2. Not adequately secured, or 3. Both.

It's been so long and yet they still haven't learned. Sorry for necro bump but this really F***ing annoys me.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
CoinHoarder
Legendary
*
Offline Offline

Activity: 1428
Merit: 1004

In Cryptocoins I Trust


View Profile
August 11, 2018, 07:03:24 PM
 #30

A Ukrainian hacker group dubbed Coinhoarder

Just popping in to say that I obviously have nothing to do with this, because I don't know any Ukranians....

Well... as long as you don't count the random Ukranian couple I met while staying at a hostel in Amsterdam, with whom I have not had any contact ever since. 😂
nguyenhoven
Jr. Member
*
Offline Offline

Activity: 238
Merit: 1


View Profile
August 11, 2018, 07:06:30 PM
 #31

http://fortune.com/2018/02/14/bitcoin-cryptocurrency-blockchain-wallet-hack/

Quote
For years, hackers have robbed Bitcoin investors, emptying their cryptocurrency wallets without fear of being caught thanks to the relative anonymity of the blockchain. Now, Cisco (csco, +5.04%) has exposed the thieves behind a string of particularly flagrant attacks.

A Ukrainian hacker group dubbed Coinhoarder has stolen more than $50 million in cryptocurrency from users of Blockchain.info, one of the most popular providers of digital currency wallets, according to a report published Wednesday by Cisco’s Talos cybersecurity team.

The report explains how thieves preyed upon their victims using a “very simple” yet treacherous technique: Buying Google ads on popular search keywords related to cryptocurrency “to poison user search results” and snatch the contents of crypto wallets. This meant people Googling terms like “blockchain” or “bitcoin wallet,” saw links to malicious websites masquerading as legitimate domains for Blockchain.info wallets.

For example, the poison ads included “spoofed” links with small types like “blokchien.info/wallet” and “block-clain.info,” which sent visitors to a landing page that mirrored actual websites of the company Blockchain, which runs both the domains Blockchain.info and blockchain.com. (The legitimate sites appeared lower in results than the “poisoned” links, according to Cisco’s report.)

Fooled into believing they had come to the right place, victims then entered private information that allowed the hackers to gain access to their actual wallets and take their digital money. “The attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims,” the Talos team led by Jeremiah O’Connor and Dave Maynor said in their report.

Blockchain, for its part, is working with Google “on a daily basis” to take down phishing ads, and secured the removal of almost 10,000 such malicious websites last year, along with another 3,000 it flagged in January alone, according to Blockchain CEO and co-founder Peter Smith.

The solution to this is not using Google to navigate. If you already have an account at blockchain.info or an exchange, BOOKMARK the url and go straight to that instead of googling the exchange name.

yeah i noticed the majority of google ads with certain keywords give out the fake phishing links. It's really annoying and dangerous especially for noobs who have no experience.

◈ HYPERQUANT ◈ Platform for Professional Asset Management  (https://goo.gl/wGkw41)
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!