Translated by
2020/06/29 14:25:30

Cryptocurrency exchanges




The CryptoCore group stole more than $200 million from cryptocurrency exchanges

On June 26, 2020 it became known that the cybercriminal group CryptoCore (also known as Crypto-gang, Dangerous Password and Leery Turtle) stole about $200 million from online cryptocurrency exchanges in Japan, the USA and other countries. According to Or Blatt, head of the research group at ClearSky, the group has been active since 2018 and presumably conducts its attacks from Eastern Europe, in particular from Ukraine, Russia or Romania. The criminals have already carried out five successful attacks and, as of the end of June 2020, are targeting 10-20 cryptocurrency exchanges.

As experts noted, some malicious CryptoCore campaigns had been documented earlier in separate reports, in which the group was identified under the names Dangerous Password and Leery Turtle. However, the malicious campaigns were far more extensive and widespread than initially assumed.

Although the group has been operating for nearly two and a half years, the attackers have used the same tactics throughout, with only minor changes. All attacks begin with a reconnaissance phase, during which the criminals collect the necessary data on the exchange's management, IT personnel and other employees.

The first phishing attacks are always directed at personal e-mail accounts rather than corporate ones, since personal accounts are most often less protected and may contain business information. Nevertheless, over time CryptoCore operators also move on to targeting business accounts.

Spear-phishing attacks are usually carried out by impersonating a high-ranking employee of the target company, or of another organization that has ties to the target employee, the experts explained.

The ultimate goal is to plant malware on the computer of an employee or manager and to gain access to a password manager account. Using these passwords, the criminals can gain access to accounts and wallets, disable two-factor authentication systems and transfer money[1].

The cryptocurrency market begins to recover in China

On April 1, 2020 BitZ reported that liquidity problems in traditional financial markets had driven up demand for cryptocurrencies. Chinese cryptocurrency exchanges were especially active. BitZ, Huobi, Binance and OKEx saw a large inflow of funds from investors and high trading volumes in the main cryptocurrencies. Against this background, the bitcoin rate briefly passed the $6900 mark and approached $7000.

The Chinese crypto exchange BitZ enters the Russian market

On January 21, 2020 the Hong Kong crypto exchange BitZ announced to TAdviser that it is opening a representative office in St. Petersburg. The opening of the office in Russia was preceded by six months of preparatory work by a team. Investment in the Russian project at the first stage amounted to about $5 million.


Damage from targeted attacks on crypto exchanges reached $882 million in almost 2 years

On October 17, 2018 it became known that Group-IB had estimated the damage from targeted attacks on crypto exchanges in 2017 and the first 9 months of 2018 at $882 million. According to Group-IB experts, at least 14 crypto exchanges were hacked during this period, and 5 of them were attacked by the North Korean hacker group Lazarus, including the Japanese exchange Coincheck, which lost $534 million.

These figures come from the annual Hi-Tech Crime Trends 2018 report presented by Dmitry Volkov. One section of the report is devoted to analysis of the activity of hackers and fraudsters in the crypto industry.

In most attacks on crypto exchanges, hackers use traditional tools and schemes such as targeted phishing, social engineering, malware downloads and website defacement. A single successful attack can let hackers steal tens of millions of dollars in cryptocurrency with minimal risk of being caught, since the anonymity of transactions allows the attackers to withdraw the funds fairly safely.

The main vector of penetration into the corporate networks of crypto exchanges is targeted phishing. For example, attackers send fake résumés with the subject "Engineering Manager for Crypto Currency job" and an attached document, "Investment Proposal.doc", which conceals malware.

Since 2017 the North Korean Lazarus group has attacked at least 5 crypto exchanges: Yapizon, Coinis, YouBit, Bithumb and Coincheck. After infection, the hackers reconnoitered the local network to find the computers or servers used to work with the exchanges' private wallets.

In 2017 we warned that hackers capable of professionally carrying out targeted attacks had a new target: crypto exchanges. Over the last few years, large trading platforms have suffered at the hands of organized hacker groups, and some of them declared bankruptcy after being hacked, for example Bitcurex, YouBit and Bitgrail. At the beginning of 2018 hackers' attention to crypto exchanges only increased, so we expect that groups such as Silence, MoneyTaker and Cobalt may carry out several successful hacks of crypto exchanges.

Dmitry Volkov, technical director of Group-IB

Hackers cause significant damage to ICO projects: they attack founders, community members and platforms. In 2017 more than 10% of all funds raised were stolen, and 80% of projects failed to meet their obligations to investors and disappeared after fundraising.

Despite pessimistic forecasts, financing of ICO projects grew in 2018: in the first half of 2018 alone, ICO projects raised nearly $14 billion, twice as much as in all of 2017 ($5.5 billion), according to research by CVA and PwC. As a result, a single successful attack gives attackers the opportunity to steal far more funds.

In 2018, projects conducting a closed ICO round came under attack. For example, the TON (Telegram Open Network) project suffered a phishing attack in which the attackers managed to steal about $35 thousand in Ethereum. A flurry of DDoS attacks, an avalanche of messages in Telegram and Slack channels, and spam to mailing lists typically occur on the day token sales start during an ICO.

As of October 2018, phishing remains the most popular tool for attacks on ICOs: it accounts for about 56% of stolen funds. At the height of the "cryptocurrency fever", everyone rushes to buy tokens as quickly as possible (they are often sold at steep discounts) and pays no attention to such trifles as altered domains. A large phishing group steals about $1 million a month.

Phishing attacks on ICO projects are not always carried out to steal money. In 2018 several cases were recorded of theft of databases of investors participating in ICOs. Such information can later be sold on underground hacker forums or used for blackmail. Another fairly widespread fraud scheme in the ICO market is stealing a project's White Paper and presenting the identical idea under a different brand. Fraudsters create a landing page under a new brand and with a new team, but with the stolen description, and announce an ICO.

For private investors working with cryptocurrencies, phishing and malware remain the main threats as of October 2018.

In 2019, crypto exchanges will become the next target for the most aggressive hacker groups that attack banks. The number of targeted attacks on crypto exchanges will increase. Fraudulent phishing schemes using crypto brands will become more sophisticated. The level of preparation of phishing attacks will also grow, and phishing automation and the use of ready-made phishing kits, in particular for attacks on ICOs, will become more widespread. The world's largest mining pools may become a target not only for cybercriminals but also for state-sponsored attackers. With some preparation, this could allow them to take control of 51% of mining capacity and seize control of a cryptocurrency.

Cryptocurrencies in a tailspin: exchanges are losing clients

A sharp decline in interest in cryptocurrencies is being observed around the world, Bloomberg reported on October 11, 2018. Uncertainty in the traditional stock market has spread to this area as well, compounded by the decline in cryptocurrency prices that began after the Bitcoin rate reached a peak of $20 thousand in December 2017.

According to venture firm Tribe Capital, Coinbase, the world's largest cryptocurrency exchange, was hit especially hard: since December 2017 the number of regular users on the platform has fallen by 80%. The Bitcoin rate fell by 60% over the same period.

Hackers stole $60 million from the exchange

In September 2018 the Japanese cryptocurrency exchange Zaif was attacked by hackers, who managed to steal about $60 million.

