Cisco Report Claims Ukraine Hackers Stole More Than $50 Million in Crypto

Crime, Group, News | February 15, 2018 By:

A report from Cisco’s Talos cybersecurity team says a Ukraine hacker group called Coinhoard has stolen more than $50 million in cryptocurrency from users of, the digital currency wallet provider.

The Cisco report explained how the group used a unique technique: Buying Google ads on search keywords related to cryptocurrency. People Googling terms like “blockchain” or “bitcoin wallet,” saw links to malicious websites masquerading as legitimate domains for wallets.

The bogus ads were slightly altered in their URLs, but mirrored the actual Blockchain web site. Ironically, the real appeared lower in search results than the spoofed sites, Cisco said.

Once at the bogus sites, the victims entered private keys that allowed hackers access to their digital wallets.

Cisco worked with Ukraine’s Cyberpolice for six months on the report. The reported that the Coinhoarder practices have become increasingly common, with many different wallets and exchanges targeted.

The Coinhoarder thefts happened over three years, but racheted up at the end of last year, when bitcoin prices were at the $20,000 per single coin level. Cisco claimed $10 million was taken in the last four months of 2017.

Cisco managed to obtain some of the bitcoin wallet addresses used by Coinhoarder.