Hacker Group Robbed Crypto Exchanges by $200 Million
According to a report published by top cyber security firm ClearSky, a hacking group known as CryptoCore has stolen more than 200 million from several crypto exchanges since 2018.
The hacking group is reportedly operating somewhere out of Eastern Europe, Romania, Russia, or Ukraine. The notorious group is also known as “Dangerous password” or “Leery Turtle”.
It has used Spear- phishing emails and Social engineering techniques to gain access to the accounts and email-ids of employees and executives of the crypto exchanges of China, the US, and Japan.
As per the report, though the group has managed to steal more than $200 million so far, technically they are not so advanced on a massive scale. Their noticeable strategies are ‘swift’, ‘persistent’, and ‘efficient’.
Modus Operand of the CryptoCore
The group uses a spear-phishing technique to access cryptocurrency wallets belonging to the exchanges. They send emails to the employees of the company posing as the top executive or close associates of the firms.
Once the mail is opened, that id of the employee gets hacked, the group installs malware and access the password of the account, the group then steals all the private keys of the crypto wallets. They wait till the removal of the multi-factor authenticator. Once it is removed, the hackers act swiftly to steal the money from the wallets.
The report mentions that the malware they use frequently is called Mimikatz.
The information provided through the above Content is for informational purposes only. The Content is not intended to be, and does not, constitute financial advice or any other advice. You should consult with a financial professional to determine what may be best for your individual needs. We do not make any guarantee or other promise as to any results that may be obtained using our Content. To the maximum extent permitted by law, we disclaim any and all liability in the event any information, commentary, analysis, opinions, advice and/or recommendations prove to be inaccurate, incomplete or unreliable or result in any investment or other losses.
CBW - External Analyst