Ukrainian Phishing Gang Robs Cryptocurrency Wallet Owners out of $50 million

Cillian Wilson blog PublishedNovember 9, 2018 | ModifiedNovember 9, 2018


Ukrainian Phishing Gang Robs Cryptocurrency Wallet Owners out of $50 million

As cryptocurrencies steadily evolve and expand their reach, hackers seem determined to take advantage of their growth. During the last months, cryptocurrency holders have seen their wallets targeted by widespread phishing campaigns, including roughly $50 million that Ukrainian crypto-gang Coinhoarder walked away with.

Cybercriminals Exploit Google AdWords to Target Victims

According to a report published on on February 15th, 2018, security researchers teamed up with Ukraine’s Cyberpolice unit to uncover a phishing scam that was going on for at least three years. According to their estimations, the criminal group, dubbed Coinhoarder, managed to amass a total of $50 million in cryptocurrencies since 2015 – including an amount of $2 million that was taken in less than a month during 2017. The phishing campaign was based on the simple premise of setting up fake websites mirroring the immensely popular online wallet website, The hackers then ensured a steady purchase of Google AdWords in order to infiltrate search results of users looking to access and position their fake websites in a favorable spot.

Phishing Attack Relied on Reputation

The campaign played out as an ordinary phishing scam: hackers masqueraded as a trusted entity in order to dupe victims into giving them unauthorized access to sensitive financial information – in this case, to their cryptocurrency wallets. According to, the perpetrators set up fake sites with similar but slightly different domain names to, like “”, targeting specific geographic areas. Once users accessed the fake site, they would be fed phishing content in their native language, determined according to their geographic region that was revealed through their IP address. According to a report on the issue published on Tripwire on February 15th, 2018, African countries were persistently targeted by the Ukrainian group, which managed to snatch $10 million just in the last four months of 2017.

Source: Pixabay Top Cryptocurrency Wallet Website

Whether in order to address the ordeal or by coincidence, changed its domain name during the summer to The site has been instrumental in spreading cryptocurrency adoption, with many supporters taking their first steps at their own e-wallet on From 2013 to 2014, it was the bitcoin-related site with the most visitors, rising to a total of 120 million views, while it was the first electronic wallet site to pass the one million milestones in wallet downloads. Furthermore, it ranks among the top 1,000 sites across the world and, in 2017, it received $40 million in funding and teamed up with Unocoin in order to promote altcoin adoption in India. Using the name to scam people was a simple yet effective move that relied precisely on this popularity.

This is not the first and certainly not the last time that cryptocurrency owners become the targets of hackers. The boom that digital coins saw in the past couple of years opened up new possibilities for cybercriminals. In the early days, it was mostly IT professionals and enthusiasts who were involved with crypto – tech-savvy people who were more suspicious against phishing attacks due to their specialized knowledge. Ever since Bitcoin and its competitors saw widespread adoption, people from all walks of life are looking to invest in cryptocurrencies – and hackers see many of them as easy prey.

Post your comment...