Skip to main content

Security Firm Claims One Group Stole $200M in Numerous Exchange Hacks



One shadowy group of cyber criminals might be behind attacks on various crypto exchanges (including “decentralized” exchanges) dating back to 2018, Israeli cybersecurity firm ClearSky claimed in a report released on Wednesday.

“We estimate that the group managed to rake in more than $200 million in two years,” the ClearSky report says about the cybercriminal collective the report calls CryptoCore. “We assess with medium level of certainty that the threat actor has links to the East European region, Ukraine, Russia or Romania in particular.”

ClearSky co-founder Boaz Dolev said his firm found at least five exchange hacks over the past two years that followed a particular pattern, though he declined to identify these exchanges on the record. 

“They can attack very quickly,” Dolev said of CryptoCore, which he claimed once deployed an attack just 12 hours after registering fresh domain names. “They’re not a big group, maybe three to four people … a small but effective operation.” 

So far, ClearSky estimates the cyber criminal group stole $200 million over the past two years. Other firms have called the same group different names, such as “Leery Turtle.”

Or Blatt, ClearSky’s threat intelligence team leader, said he believes the alleged thieves are rogues without military training or support. He described the attacks as “much less sophisticated” than ones conducted by Russian military intelligence officers indicted for influencing American elections while using bitcoin in 2016. 

“They are cyber criminals and we know of other similar cybercrime groups,” Blatt said. “In order for such an attack to succeed, usually the [crypto exchange] employees need to be vulnerable to social engineering … [We] didn’t see this attacker exploiting VPN [virtual private networks], for example, which is something we often see with other groups.”

Human error

Dolev said crypto exchanges that don’t use the same level of security practices as banks are vulnerable to such attacks. 

The report details how the hacker group allegedly gained access to several exchange executives’ private email accounts, then used spear-phishing – impersonating a high-ranking employee – “either from the target company itself or from a company that deals with the target,”  to acquire information that grants access to crypto wallets.

Nicholas Percoco, head of security at the crypto exchange Kraken, said, “We routinely see attempts through multiple attack vectors, including social engineering attempts,” so his company often shares information with other exchanges targeted by such criminal campaigns. 

Ignoring CryptoCore specifically (Kraken was not mentioned in ClearSky’s report), Percoco said it is common for such cyber criminals to target several institutions in the same sector, especially the individuals who work at exchanges.

The concept of such a social engineering campaign, as ClearSky described, makes sense to Percoco. This is why Kraken’s security chief said he focuses on training sessions across the staff, because you “can’t patch a human, in addition to technical controls.” Plus, Kraken Security Labs routinely tries to penetrate the exchange system and find vulnerabilities, he said. 

“We will take all our employees, executives included, through extensive security training,” Percoco said. “We go very deep about home network security, social network security, even their own personal device security.” 

Dolev warned that, especially considering the mass exodus to remote work caused by COVID-19, crypto exchanges face a “higher risk” in 2020. Indeed, Blatt added that CryptoCore appears to be more active since the coronavirus crisis began. 

“If you put your money on an exchange, you don’t know if it’s secure or not,” Dovel concluded.

Source: coindesk.com

Comments

Contact us

Name

Email *

Message *

Popular posts from this blog

Cryptocurrencies Adding to the Safety and Security in the UK Gambling Industry

These are exciting times for the UK gambling industry. The impact of internet technology is now being felt with online gambling now controlling the industry.  The adoption of cutting-edge technology is reasonable for the boom in the industry. From live casinos, mobile apps to artificial intelligence, incredible trends continue shaping the gambling industry. However, it is the rise of cryptocurrency casinos that seeks to redefine UK gambling.  Many operators now include crypto coins such as bitcoin, Ethereum and Litecoin as part of their banking methods. Others offer exclusive bitcoin payments and promotions based on digital tokens. This revolutionary trend has a huge impact due to enhanced safety and security on these platforms. Players looking for peace of mind when playing online now opt to use cryptocurrencies. This post looks at how cryptos guarantee the safety and security of players at online casinos. How Cryptocurrency Gambling Works There’s a lot of talk ab...

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...

Farm GRASS earn MONEY

  Use your Unused Internet Bandwidth to make $$$ In today’s interconnected world, the concept of passive income has taken on new dimensions, offering innovative ways for individuals to monetize underutilized assets.  One such groundbreaking avenue involves earning money by selling your unused internet connection.  By participating in decentralized networks like Grass, individuals have the opportunity to turn their dormant bandwidth into a valuable asset, contributing to a fairer and more equitable digital landscape while generating income. Grass is a decentralized network sharing application designed to offer an alternative to existing centralized networks.  It allows users to sell their unused bandwidth directly, without the need for exploitative middlemen.  The platform operates by enabling users to download a web extension that runs in the background, assisting others in accessing public web data in exchange for payment using the protocol’s native token. How ...