Hacker Group Allegedly Stole $200M In Exchange Hacks

  • Known as CryptoCore, the group has been linked to at least five known cryptocurrency exchange hacks.
  • Though its origins are unknown, the group is believed to be connected to the East European region, Ukraine or Russia.

One cyber criminal group might be responsible for stealing around $200 million from various crypto exchanges over the course of two years, cybersecurity firm ClearSky said in a post on 24 June.

According to the firm’s research, the so-called “CryptoCore” cyber criminal group has almost exclusively targeted cryptocurrency exchanges since 2018, and is known to have stolen $70 million from heists, though in reality ClearSky estimates that number to be more than $200 million. Though it has been investigating the group for almost two years now, ClearSky still has no solid evidence of the operators’ origin, but it is suspected that the criminals are connected to the East European region – Ukraine or Russia.

The company has associated CryptoCore with at least five crypto exchange hacks over the past two years, all following a particular pattern, but has noticed that the criminals had targeted another 10 to 20 exchanges in that time. The group’s activities have also been documented in several reports, though they were identified under different names, such as “Dangerous Password” and “Leery Turtle”.

The firm said in its paper:

“In recent years, cryptocurrency exchanges have become targets for constant attacks, mainly from criminal groups and lone hackers. Threat actors of all kinds try to infiltrate corporate networks for reconnaissance, ransomware deployment, and plainly to steal money from those exchanges, specifically from their “hot” (i.e. active, connected) wallets.”

In its report, ClearSky further noted that the criminals’ tactics have been almost the same for the past two years. It all starts with gathering the information needed to target an exchange’s management, IT staff or other employees. Then, exploiting the fact that personal email accounts usually have weaker security, the group would initiate phishing attacks.

Later, the group would use a spear-phishing email, “either from the target company itself or from a company that deals with the target”, to implant malware on an employee’s system and gain access to a password manager account. From there, the group would use the passwords to enter accounts and wallets, and eventually drain the funds from the exchange’s hot wallets.

If ClearSky’s research is accurate, CryptoCore is the second group to repeatedly target crypto exchanges. In past years, North Korea has been the biggest threat to crypto exchanges, according to a report presented to the U.N. Security Council North Korea sanctions committee last September. Per the report, North Korea has been responsible for stealing around $2 billion in fiat and cryptocurrency through hacks on banks and cryptocurrency exchanges.
