Attacks on cryptocurrency applications and platforms, where transactions are conducted using crypto tokens, are spreading like wildfire. Recently, the admins of Empire Market, the world’s biggest dark web marketplace, which allegedly suffered a massive DDoS attack on August 23, could have exited the market and pocketed $30 million in cryptocurrency for themselves. Cryptocurrency theft is growing in both the frequency of attacks and the breadth of targets.
Making the headlines
Researchers at Abnormal Security have uncovered a phishing campaign targeting clients of the Bitcoin Era trading platform.
- The criminals were spotted sending emails purporting to be from BTC Era, encouraging users to pay for what they would see as an investment.
- Fraudsters would then ask for a minimum deposit of $250 to get started with trading on the platform.
- Attackers leveraged Constant Contact, an email marketing provider, to deliver the attack to the inboxes of multiple recipients in one go.
How does the attack unfold?
- An automated email arrives addressed to the recipient by name, inviting them to make a BTC transaction after making a minimum deposit of $250.
- The mail contains a malicious URL with the text “create an account.” Clicking on it redirects users to the theverifycheck[.]com webpage.
- The landing page displays a pop-up alert requesting permission to show notifications from the website. If a user gives permission, adware starts running on their device.
- The infected website will also monitor the user’s behavior to launch targeted ads and spam through malware.
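A mail-gateway check for the pattern described above, as an added example that is not from the original article or from Abnormal Security: it flags links whose visible text is a call to action such as “create an account” when the sender's display name claims a tracked brand but the link host lies outside that brand's domains. The brand domain brand.example, the sender address and the sample message are constructed assumptions; the landing domain is the one named above.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand legitimately uses (placeholder value).
BRAND_DOMAINS = {"BTC Era": {"brand.example"}}
CTA_PHRASES = ("create an account",)  # link text reported for this campaign

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def flag_cta_links(raw_email):
    """Return (link text, host) for call-to-action links that leave the claimed brand's domains."""
    msg = message_from_string(raw_email)
    brand, _ = parseaddr(msg.get("From", ""))
    allowed = BRAND_DOMAINS.get(brand)
    if allowed is None:  # sender does not claim a brand we track
        return []
    html = "".join(p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for text, href in collector.links:
        host = urlsplit(href).hostname or ""
        on_brand = any(host == d or host.endswith("." + d) for d in allowed)
        if host and not on_brand and any(p in text.lower() for p in CTA_PHRASES):
            flagged.append((text, host))
    return flagged

# Constructed sample message; the landing domain is the one named in the article, refanged.
LANDING = "theverifycheck[.]com".replace("[.]", ".")
SAMPLE = ('From: "BTC Era" <offers@bulk-mailer.example>\n'
          'Content-Type: text/html; charset="utf-8"\n\n'
          f'<a href="https://{LANDING}/">Create an account</a>'
          '<a href="https://www.brand.example/help">Help</a>\n')
```

Calling flag_cta_links(SAMPLE) returns the off-brand “Create an account” link and leaves the on-brand help link alone.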
Rising cryptocurrency threats
- A few weeks ago, a mysterious threat actor added 380 malicious servers to the Tor network to perform SSL stripping attacks on users accessing cryptocurrency-related sites via the Tor Browser.
- Meanwhile, a multi-modular Prometei botnet campaign—active since March 2020—was seen mining the Monero cryptocurrency. Up to the time of reporting, it was generating $1,250 per month on average.
- In early August, hackers broke into the cryptocurrency trading platform 2gether and stole nearly $1.4 million in crypto funds stored in investment accounts.
- Last month, thieves swindled over $3 million in Bitcoin from Cashaa by breaking into one of the exchange’s digital wallets.
- In late June, the CryptoCore hacker group swindled around $200 million from five cryptocurrency exchange platforms across the world.
Not all adversaries had a good day
- In mid-August, the U.S. Justice Department seized 300 cryptocurrency accounts, four websites, and four Facebook pages, as well as $2 million in cryptocurrency assets linked to ISIS, al Qaeda, and the al Qassam Brigades.
- A few days later, Ukrainian authorities busted a cybercrime gang that ran 20 cryptocurrency exchanges and laundered more than $42 million to help other criminal groups.
With rampant ransomware attacks, security experts advise organizations and individuals to stay informed on emerging threats and techniques. Meanwhile, cyber teams must know how to quantify and prioritize crucial threats, and identify emerging threat actors.