Scammers Now Using Google Ads To Steal Millions Of Bitcoins

Watch out for deceptive cryptocurrency websites.  
The Scammers now uses Google Ads to promote fake and other related pages designed to steal your login credentials.

Scammers (cybercriminals) have illegally made millions of dollars using Google ads that sent internet users searching blockchain-related terms to phishing sites.

The scammers purchased Google search ads that disguised like, a major provider of Bitcoin digital wallets. The ads showed at the top of search pages for anyone who Googled “blockchain” or “bitcoin wallets,” according to Cisco’s Talos security group and Ukrainian police, which cautioned people against the scheme on Wednesday.

However, not any of these ads sent users to the real domain. They rather forwards victims to matched (similar) pages that were being control by the scammers, stealing personal information such as passwords to digital wallets, typed into dummies sites.

Cisco’s Talos group uncovered the scheme last year February, when it noticed the phony sites were drawing about 200,000 client to themselves per hour. Those scammers’ own Bitcoin wallets were later tracked down by the security researchers after amassing around $10 million worth of bitcoin from September to December.

“In one specific run, they made $2M within 3.5 week period,” said Cisco Talos.

What Is Google Doing About The Ad Abuse?

Up till now, Google is yet to comment on the ad abuse. However, the company continues with its flagging of web domains involved in the scam, tagging them as “deceptive sites.” According to Ukrainian police, the search giant added new rules to its ad platform to crack down on the fraud.

Last year scam was actually easy for anyone to spot. It counted on web addresses with spelling errors, such as “,” “” and “” But, non-English speakers may have actually had trouble spotting the difference. Computers based in Nigeria, Ghana, and Estonia were among those discovered visiting such malicious web pages. (A full list of the spoofed domains can be seen HERE.)

Currently, no info about those behind the scam, but the make use of an internet hosting provider based in Ukraine. Cisco Talos is also issued warning, saying that these bad eggs may be planning to strike again. They’ve been creating domain names that appears like, but actually use Cyrillic alphabet characters for English ones.

Talos said; “These attacks can be nearly impossible to spot with the human eye.”

To avoid falling for scammers, you need to be very careful with internet links found in online ads, emails, or social media posts. Hackers like to push legitimate-looking content in the hopes you’ll fall for their trap.

You might also like
Leave A Reply

Your email address will not be published.