A Ukrainian hacker group dubbed Coinhoarder has been exposed by Cisco’s Talos cybersecurity team after stealing more than $50 million in cryptocurrency from users of, one of the most popular providers of digital currency wallets.

The report reveals how thieves mastered a “very simple” technique through buying Google ads on popular search keywords related to cryptocurrency “to poison user search results” and snatch the contents of crypto wallets, according to

In short, if you ever searched for terms like “blockchain” or “bitcoin wallet,” you would see links to malicious websites masquerading as legitimate domains for wallets.

Read alsoBBC: UK blames Russia for 'malicious' NotPetya cyber attackThe “massive phishing campaign” was part of a six-month investigation between Cisco and Ukraine’s Cyberpolice.

Facebook banned all cryptocurrency ads earlier this year, and now Google is reported to be working to root out abusive ads.