Talos was first alerted to the
phishing threat on Feb. 24, 2017, when a Ukrainian - based
phishing scheme, COINHOARDER, targeted the blockchain.info wallet service
through Google Ads that contained «gateway
phishing links» and generating over 200,000 client search queries.