An unknown cybercriminal group from Eastern Europe has stolen nearly $200 million from cryptocurrency exchanges based primarily in the US, Japan, and Israel, a report revealed.
According to the report citing the research compiled by the cybersecurity firm ClearSky, the unknown group – referred to as “CryptoCore” – has frequently been hacking digital asset exchanges since mid-2018 to present day.
The research outlined that the continuous rise of digital assets has inevitably made cryptocurrency exchanges targets “for constant attacks. Threat actors of all kinds try to infiltrate corporate networks for reconnaissance, ransomware deployment, and plainly to steal money from those exchanges, specifically from their hot wallets.”
Cybercriminals target digital asset platforms as the general belief is that they are significantly more vulnerable to attacks rather than banks and other traditional financial instruments, the report noted.
As recently reported by CryptoPotato, exchanges have improved their countermeasures because of the high number of attacks against them. Nevertheless, the total amount stolen from crypto frauds and thefts from January to May 2020 equaled $1,4 billion.
ClearSky added that the blockchain merits, namely having all transactions visible on the network, are not as useful when tracing stolen funds:
“At first, it seems easier to track the stolen money through blockchain, identifying, and attributing wallets to entities and individuals is generally more difficult.”
The paper also specified that out of the total $200 million stolen by the hackers, about $70 million had come from Israeli cryptocurrency exchanges.
Per the cybersecurity company, CryptoCore begins each illegal operation with an extensive reconnaissance phase against the future victim. Aside from observing details and vulnerabilities on the platform, the group thoroughly examines all executives, officials, and IT personnel.
The most utilized infiltration method is “usually through spear-phishing against the corporate network, the executives’ personal email accounts.” That spear-phishing contact form is typically carried out by impersonating a high-ranking employee either from the targeted organization or from another similar one with connections to the potential victim.
The primary objective is to gain access to the password manager account where officials generally keep the keys of cryptocurrency wallets and other valuable assets. By doing so, “the group will remain undetected and maintain persistence until the multi-factor authentication of the exchange wallets will be removed.”
Interestingly, ClearSky CEO Boaz Dolev believes that the group “does not have advanced capabilities.” Still, because it “acts systematically, over an extended period,” it manages to succeed in stealing millions of dollars.