U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018. Group-IB, an international company that specializes in preventing cyber attacks,has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, […]

crypto exchanges

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks,has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international CyberСrimeCon conference. A separate report chapter is dedicated to the analysis of hackers’ and fraudsters’ activity in crypto industry.

Crypto exchanges: in the footsteps of Lazarus 

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. One successful attack could bring hackers tens of millions of dollars in crypto funds, whilst reducing the risks of being caught to a minimum:  the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or the file «Investment Proposal.doc» in attachment, that has a malware embedded in the document.

In the last year and a half, the North-Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb, Coinckeck. After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used working with private cryptocurrency wallets.

crypto exchanges

“Last year we warned that hackers competent enough to carry out a targeted attack might have a new target – cryptocurrency exchanges,” — reminded Dmitry Volkov, Group-IB CTO.

“In the last couple of years, crypto exchanges suffered many attacks. Some of the exchanges went bankrupt after the hacks, i.e. Bitcurex, YouBit, Bitgrail. At the beginning of 2018 hackers’ interest in cryptocurrency exchanges ramped up. The most likely cryptocurrency exchange attackers now are Silence, MoneyTaker, and Cobalt.”

ICO: more than 56% of funds were stolen through phishing attacks

Hackers cause serious damage to ICOs: they attack founders, community members, and platforms. In 2017 more than 10% of funds raised through ICOs were stolen, while 80% of projects disappeared with the money without fulfilling any obligations towards their investors.

Yet despite the pessimistic forecasts, the number of funds invested in ICOs increased significantly. In H1 of 2018 alone, ICO projects raised almost $14 billion, which is twice as much as during the entire 2017 ($5,5 billion) — according to CVA and PwC studies. Therefore, cybercriminals can steal more funds in one successful attack.

In 2018, hackers attacked ICOs conducting private funding rounds. For instance, cyber criminals targeted TON project, founded by Pavel Durov, through phishing and managed to steal $35,000 in Ethereum. The worst generally happens on the first day of token sales: a set of DDoS attacks simultaneous with an influx of users, the eruption of Telegram and Slack messages, mailing list spamming.

Phishing remains one of the major vectors of attacks on ICOs: approximately 56% of all funds stolen from ICOs were siphoned off as a result of phishing attacks. On the rise of “the crypto-fever” everyone is striving to purchase tokens, often sold at a significant discount, as fast as possible without paying attention to fine details such as fake domain names. One beg phishing group is capable of stealing roughly $1 million a month.

Phishing attacks against ICO projects are not always aimed at stealing money. This year, there were several cases of investor database theft. This information can be later re-sold on the darknet or used for blackmail.

A relatively new method of fraud on the ICO market was stealing a White Paper of an ICO project and presenting an identical idea under a new brand name. Fraudsters build a website to feature a new brand and a new team using the stolen project description and announce an ICO.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – crypto exchanges, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]