Share this article
Cisco: Bitcoin Phishing Scam Bagged $50 Million Over 3 Years
Cisco has released new information about a bitcoin phishing scam that involves websites masquerading as Blockchain.info.
By Stan Higgins
Updated Sep 13, 2021, 7:34 a.m. Published Feb 15, 2018, 7:00 a.m.
Security researchers at Cisco have released new information about a bitcoin phishing scam that involves websites masquerading as Blockchain.info, the popular online wallet service.
In a blog post published Wednesday, Dave Maynor and Jeremiah O'Connor detailed the Coinhoarder phishing scam, which they said Cisco has been investigating in the past six months in partnership with the Ukrainian Cyberpolice. All in all, they said that those behind the scam had netted $50 million in cryptocurrency over a three-year period.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
"The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims," they wrote. "This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals."
As shown in the blog, those behind the attack would create websites similar to Blockchain but with different domain names – "block-clain.info" and "blockchien.info" among them – that the casual user may not notice. They then "leveraged Google Adwords to poison user search results in order to steal users' wallets," thereby directing more traffic to those pages.
Cisco traced the group's activity back to as early as 2015 and estimated that "tens of millions of dollars" in cryptocurrency had been stolen since that year. They indicated that as much as $50 million had been stolen, including $2 million in less than 4 weeks during one period last year.
"What is clear from the COINHOARDER campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide," the firm concluded.
Image via Shutterstock
More For You
알아야 할 것:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin’s Long-Term Holders Hit Cyclical Low as Sell Pressure Finally Eases
Long-term holder supply bottomed when bitcoin sank to $80K, signaling that the wave of spot-driven selling may be nearing exhaustion as prices rebound to $90K.
알아야 할 것:
- Long-term holder supply fell to 14.33M BTC in November, its lowest level since March, coinciding with bitcoin’s $80K correction low.
- The rebound to $90K suggests the bulk of spot-driven selling from seasoned holders has passed after a 36% peak-to-trough decline.
- Unlike prior cycles, LTH behavior in 2025 shows more measured distribution rather than blow-off-top capitulation, signaling a shift in market structure.
Top Stories
