A Ukrainian hacking group has used Google ads to steal more than $50 million in cryptocurrency.
Lei Feng (AI Financial Review) reports: the cryptocurrency world has just been hit by another hacking incident. What is new this time is that Talos, Cisco's security research group, was involved in exposing the attacks (and did so successfully).
According to the report, the hackers chose Google Ads as their way in. Over the past three years this very basic phishing technique has cost victims approximately $50 million in total.
Cryptocurrencies have become a regular target for hackers.
Cryptocurrency is usually held on exchanges, in mining pools, or in users' personal wallets, which makes individuals' computers and the exchanges themselves the main targets for hackers. Unfortunately, many people have suffered such attacks in recent years. The biggest ones are known to everyone in the crypto world: Mt. Gox and Coincheck suffered the largest hacks in cryptocurrency history and stayed in the headlines for days; between the two cases, nearly $1 billion was stolen.
Mt. Gox was a major cryptocurrency exchange until 2014, when it was hit by what was then the largest cryptocurrency hack in history. The theft, estimated at about $450 million, led the exchange to declare bankruptcy. The shock wave swept through the cryptocurrency community and sent the price of Bitcoin plummeting.
The most recent and even larger attack occurred at the end of January 2018. Coincheck was hacked for more than $500 million, but it has so far remained in business because it is solvent. Thanks to the crypto market boom of 2017, the flood of investors, trading volume and wealth left Coincheck with enough reserves to cover the losses. However, although Coincheck did not declare bankruptcy and the incident ushered in an era of regulation, the prices of BTC and XEM (the stolen currency) fluctuated sharply after the hack.
The hacks seem to be getting bigger and bigger, and so does the audacity of the hackers. Beyond the headline cases, though, many of the smaller cryptocurrency "robberies" have never really been discussed.
Using Google ads to steal cryptocurrency.
According to Talos, the attack was carried out through Google ads. Compared with the hundreds of millions stolen from exchanges, $50 million is a small amount, though not for those who lost their cryptocurrency. Blockchains are supposed to be transparent, but even though every transaction amount is publicly visible, the owner of the wallet that received the funds is still difficult to identify. For years hackers have been stealing millions in cryptocurrency precisely because they can remain anonymous. Cryptocurrencies were created to give users anonymity, yet blockchains like Bitcoin's are completely transparent. That transparency is beneficial in most cases, unless you run into a hacker using the Bitcoin blockchain: even when it is known which wallet the funds were transferred to, the true identity of the hacker is not revealed.
Cisco has recently turned its attention to blockchain technology. As a result, it is in a position to understand the security threats and go a step further by exposing the underworld behind a number of brazen hacks. The latest incident was carried out by a group calling itself Coinhoarder, based in Ukraine. These hackers use very basic techniques, yet they attract the attention and money of thousands of people. The technique consists of the group buying Google ads against key search terms that relate directly to cryptocurrency: "blockchain", "cryptocurrency wallet" and "bitcoin wallet" are all search terms that served the malicious ads.
The ads displayed for these search terms lead to domain names that mimic legitimate cryptocurrency wallet sites such as blockchain.info. Users fail to notice the subtle differences in the domain name and the site itself, which lets the hackers keep unsuspecting users browsing their malicious sites for long periods.
The landing page at "blokchien.info/wallet" looks almost identical to the blockchain.info that users are familiar with. If you do not notice that a "c" has been dropped and "ai" has become "ie" in the URL, you can easily be drawn into the scam. The worst (or cleverest) part is that the hackers pay enough for their malicious links to rank above the genuine site they imitate.
Once users land on the malicious site, they do exactly what they do on the real site, whether it is their first visit or a habitual one: they enter their login details, which gives the hackers access to the corresponding accounts (wallets) on the real site. Once they have access to a user's wallet, they transfer the money to themselves and the hack is complete. The whole strategy consists of imitating the real site as closely as possible and paying a premium for Google ads. Even more shocking, according to Cisco's investigation in partnership with Ukraine's Cyberpolice, the phishing scam has been running for three years.
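The practical defence against this kind of lookalike domain is to compare the host of every link you are about to trust against a short allow-list of genuine wallet domains, rather than eyeballing it. The following is an added worked example, not code from the Leiphone article or from Talos; the allow-list, the confusable-character table, the edit-distance budget and the sample URLs are assumptions chosen for illustration. It extracts the registrable domain from a URL, folds common visual substitutions (such as "1" for "l"), and flags a domain as a lookalike when its second-level label is within a small Damerau-Levenshtein distance of a genuine one, or when it is the genuine brand on a different top-level domain.

```python
"""Lookalike (typosquat) wallet-domain detector.

Added example, not part of the original article or of Talos's tooling.
LEGIT_DOMAINS, CONFUSABLES, the distance budget and SAMPLE_URLS are
assumptions chosen for illustration.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed allow-list of wallet domains the user actually trusts (fixed order,
# so ties between candidates resolve deterministically).
LEGIT_DOMAINS: Tuple[str, ...] = ("blockchain.info", "blockchain.com", "coinbase.com")

# Visual substitutions commonly used in typosquats (assumed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalise(label: str) -> str:
    """Fold confusable characters so 'b1ockchain' compares equal to 'blockchain'."""
    label = label.lower()
    for bad, good in CONFUSABLES.items():
        label = label.replace(bad, good)
    return label


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition
    (optimal string alignment variant)."""
    prev2: Optional[List[int]] = None
    prev1 = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev1[j] + 1, cur[j - 1] + 1, prev1[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # type: ignore[index]
            cur.append(d)
        prev2, prev1 = prev1, cur
    return prev1[-1]


def registrable(host: str) -> Tuple[str, str]:
    """Return (second-level label, tld). Assumes single-label public suffixes;
    multi-label suffixes such as .co.uk are out of scope for this example."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def classify(url: str) -> Dict[str, object]:
    """Classify a URL as 'legit', 'lookalike' or 'unrelated' against LEGIT_DOMAINS."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    label, tld = registrable(host)
    if f"{label}.{tld}" in LEGIT_DOMAINS:
        return {"url": url, "verdict": "legit", "match": f"{label}.{tld}", "distance": 0}

    best: Optional[Tuple[Tuple[int, int], str]] = None
    for legit in LEGIT_DOMAINS:
        l_label, l_tld = registrable(legit)
        d = damerau_levenshtein(normalise(label), normalise(l_label))
        # Allow roughly 30% of the brand's length in edits, and never fewer than 2,
        # so 'blokchien' (3 edits from 'blockchain') is still caught.
        budget = max(2, round(len(l_label) * 0.3))
        if d > budget:
            continue
        rank = (d, 0 if l_tld == tld else 1)  # prefer closer, then same TLD
        if best is None or rank < best[0]:
            best = (rank, legit)

    if best is None:
        return {"url": url, "verdict": "unrelated", "match": None, "distance": None}
    return {"url": url, "verdict": "lookalike", "match": best[1], "distance": best[0][0]}


# Constructed sample URLs (not real ad landing pages observed by anyone).
SAMPLE_URLS = [
    "https://blockchain.info/wallet",
    "https://www.blockchain.info/wallet",
    "https://blokchien.info/wallet",
    "https://b1ockchain.info/",
    "https://blockchain.org/",
    "https://example.com/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = classify(u)
        print(f"{r['verdict']:10} distance={r['distance']!s:4} match={r['match']}  {u}")
```

Run the file to see each sample classified. The check is deliberately narrow: it only answers "does this host look like one of the domains I trust", which is the question a wallet user or a corporate web proxy needs answered before a credential is typed. A production deployment would use the Public Suffix List for `registrable`, a fuller confusables table (including Unicode homoglyphs in IDN hosts), and the user's own allow-list.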
The Ukrainian hacking group Coinhoarder.
It is now widely believed that the Coinhoarder group has been responsible for a series of thefts since 2015, with both the value and the number of incidents rising sharply at the end of 2017 as the price of Bitcoin climbed. More than $10 million was stolen between September and December alone. Even with cyber police forces and leading security firms going after them, the hackers remain emboldened. While sites such as Facebook have banned cryptocurrency-related advertising, phishing with a mirrored site is becoming an increasingly popular technique.
Coinhoarder specialises in phishing, but that is only one of many techniques for stealing cryptocurrency. According to Lei Feng.com (WeChat official account: Lei Feng.com), the notorious North Korean hacking group Lazarus Group has also run phishing scams using website mirroring. More and more hacking groups are using this very basic mirroring technique to get users to hand over the information needed to access their wallets, and then stealing the valuable cryptocurrency inside. The vast majority of individuals hacked recently have had IP addresses mainly in Africa, particularly Nigeria and Ghana. This is not surprising, since cryptocurrencies are most heavily used in the less developed regions of the world, where people may not receive enough anti-fraud education. A fully mirrored site, however, can fool anyone who does not actively check the URL they are visiting.
Watch your web address and install security software.
The Bitcoin address to which the stolen funds were transferred is known, but there is still nothing we can do with it. The problem is that a BTC address is anonymous: it is nothing but a string, and it is almost impossible to know who controls a suspicious wallet. We can monitor and trace the funds indefinitely until they are spent or moved to an exchange, but nobody can guarantee that the wallet's holder will ever be found.
The strengths of the blockchain are occasionally its weaknesses. If the blockchain were completely transparent and required identification, we could find the hacker, but decentralisation and anonymity would be gone. Almost everything in life involves a trade-off, and here it is that individuals can hold a Bitcoin wallet without any identification, keeping their money on a secure blockchain under nothing more than a wallet number. In this case, that makes the hackers hard to catch and expose when they spend the money.
Lei Feng believes that the lesson to take from the whole affair is to be highly alert to the websites you visit and the ads you click on. Beyond staying alert, be sure to use antivirus and anti-phishing software. Making a copy of your wallet is also a good idea if you are investing in any ICO (based on ETH) or need a place to keep your ETH safe from phishing.