Someone Has Been on a $200M Crypto Exchange Hacking Spree

Published at: June 24, 2020

A cybercriminal group has allegedly stolen around $200 million from cryptocurrency exchanges over the past two years. In total, they are believed to have hit 10 - 20 victims across the United States, the Middle East, and Asia.

According to research by the cybersecurity firm ClearSky, the gang named “CryptoCore,” known with other pseudonyms like “Dangerous Password” and “Leery Turtle,” has been actively targeting crypto firms since 2018 — specifically exchanges.

Source: ClearSky

They confirmed that CryptoCore stole $200 million from at least five victims, several of whom were located in Japan.

Between 10-20 additional companies could be affected

The names of targeted crypto exchanges were not revealed due to non-disclosure agreements with the victims. It is believed that the total number of targets could be as high as 20 in total.

The cybersecurity firm believes CryptoCore may have links to the Eastern European region, Ukraine, Russia, or Romania.

Phishing attacks launched against the exchanges

The hackers used spear-phishing attacks to gain access to crypto exchanges’ wallets. In some cases, they may have targeted executives’ personal email accounts.

The report details that spear-phishing attacks are “typically” carried out by impersonating employees, mostly those who have a high-ranking role within the company or from another organization like the advisory board.

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, provided some comments regarding spear-phishing attacks like CryptoCore did:

“Some phishing campaigns consist of non-targeted mass emails sent to a large number of people. Others, however, are crafted to target specific individuals - a company executive, for example. This known as spear phishing and, because the actor may have spent time collecting information about the individual being targeted, the emails can be extremely convincing.”

Callow also adds:

“Many security incidents and data breaches start with phishing emails. Phishing campaigns are typically designed to either collect logins - for example, by directing the recipient to a fake banking site - or to deliver malware via malicious attachments. In either case, the end result can be the same: a compromised network.”

CryptoCore is not the only headache for the exchanges

North Korean hacking team, Lazarus Group, targeted several crypto exchanges last year, as per a Chainalysis report. One of the attacks involved the creation of a fake, but realistic trading bot website that was offered to employees of the DragonEx exchange.

Recently, Cointelegraph reported on a study that warned of a massive phishing campaign that could be launched by Lazarus soon. This could allegedly target six nations and over 5 million businesses and individuals.

Tags
Related Posts
Digital intelligence must overcome challenges to solving crypto crimes
While the value of cryptocurrencies has varied wildly in the last year, this has not diminished crypto’s attractiveness to criminals. Many of them are moving their illegal activities underground and outside the view of law enforcement. Because of the public nature of most blockchains, however, this rapid movement shouldn’t be a major concern to law enforcement agencies. With the right tools and training, following the proceeds of crypto-enabled crime is actually not as difficult as it may seem. However, intelligence agencies must have a cryptocurrency investigation plan that includes the right tools to lawfully collect digital evidence and the properly …
Technology / Aug. 20, 2021
Major Chilean bank shuts down all branches following ransomware attack
Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil. According to a public statement, the branches will remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident. Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and …
Technology / Sept. 8, 2020
US Secret Service Creates Finance-Related Cybercrime Task Force
The U.S. Secret Service announced the creation of the Cyber Fraud Task Force, or CFTF on July 10, after merged its Electronic Crimes Task Forces and Financial Crimes Task Forces into a single network. According to the official announcement, the Secret Service had been planning over two years to create a unified task force to combat cybercrimes related to the financial sector and fight things like ransomware attacks, business email compromise scams, credit card online stealing, among others. The CFTF appears in a context that the illegal market of credit card stolen data through the dark web and banking details …
Blockchain / July 12, 2020
Successful Ransomware Attacks Decline in 2020
The number of successful ransomware attacks witnessed a decrease between January and April 2020 in the U.S. public sector amid the COVID-19 crisis. However, researchers have recently noticed that trend reversing, with incidents now starting to increase. According to the study by the malware lab, Emsisoft, the figures show a decline in comparison to the 966 targeted establishments that were successfully attacked at the cost of $7.5 billion. Strong decline in the figures compared with 2019 stats However, during the Q1 and Q2 2019, just 128 federal and state entities, healthcare providers, and educational districts were attacked by ransomware gangs. …
Technology / July 9, 2020
California University Pays Million-Dollar Crypto Ransom
The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
Technology / June 30, 2020