On June 24, reports emerged that a hacker group has managed to steal $200 million in cryptocurrency from exchanges. It used “spear-phishing” attacks to gain access to these crypto exchanges, and they proved to be effective.
The group, known as ‘CryptoCore’, has allegedly operated out of Eastern Europe and targeted exchanges since 2018, according to reports from the cyber-security firm ClearSky. These criminals targeted exchanges in Japan and the United States.
Although these cyber-criminals have stolen over $200 million within two years, experts believe:
“the group is not extremely technically advanced. Instead, it is swift, persistent, and effective.”
They use that strategy to steal from unsuspecting individuals quickly, which accounts for their high success rate.
How they operate
This CryptoCore gang accesses crypto wallets that are owned by employees and exchanges. The hackers start with an extensive reconnaissance phase against the company and its workers.
They then move on to spear-phishing attacks. These attacks consist of emailing an executive from an account that appears to belong to a bona fide high-ranking employee. The attackers pose as someone working at the same company or at an organization it partners with.
After the network is compromised, the cybercriminals install malware and gain access to the executive’s password manager accounts, which is where all the crypto wallet keys are kept.
The gang then waits, and should multi-factor authentication be removed, they pounce immediately. At that moment, the thieves drain funds from the wallets. Expert reports state that:
“Activity receded in the first half of 2020, one possible reason being the limitations induced by the COVID-19 pandemic.” But it “didn’t stop completely.”
Spear-phishing has become a common strategy used by hackers, and it has become a significant problem. A large spear-phishing campaign was launched against YouTubers at the start of this year. Accounts with many subscribers were hijacked when their owners opened dodgy links.
After gaining access, the hackers changed the passwords and deleted all the videos. They then ran live streams featuring fake interviews with celebrities such as Binance CEO Changpeng Zhao or Tesla’s Elon Musk.
The phony celebrities asked viewers to send them crypto funds, promising to send even more back. It was a scam, but a successful one. One major Musk scam stole $2 million in two months. The crypto exchanges, however, were hit much worse.