Hacker Group Stole $200 Million from Crypto Exchange

by Arnab Shome
  • The small group particularly targeted exchanges in the US and Japan.
Finance Magnates

A single cryptocurrency hacking group has been targeting exchanges and wallets for the past couple of years and has managed to rake in more than $200 million, Israeli cybersecurity firm ClearSky claimed.

Though the actual identity of the hacking group is not known, a report published by the cybersecurity firm on Wednesday detailed that it is clear from the profile, modus operandi, and digital infrastructure of the attacks that a single group was behind them.

“CryptoCore is a group that targets almost exclusively cryptocurrency exchanges and companies working with them via supply-chain attack,” ClearSky noted. “The CryptoCore group is known for having accumulated a sum of approximately 70 million USD from its heists on exchanges. We estimate that the group managed to rake in more than 200 million USD in two years.”

Though the Israeli firm is calling the group CryptoCore, other security companies have also traced the whereabouts of the same group; one firm named it “Leery Turtle.”

Small, yet efficient

Based on the timestamp of the first known sample of such attacks, the hackers started their operations in mid-2018 and “maintained steady activity since then.” The security company, however, could not pinpoint the exact location or country of origin of the group.

“We assess with [a] medium level of certainty that the threat actor has links to the East European region, Ukraine, Russia or Romania in particular,” ClearSky continued.

The hacker group is believed to consist of maybe three to four people, but they are very effective.

“This group is not extremely technically advanced, yet it seems to be swift, persistent, and effective, nevertheless,” the report added.

They are particularly targeting cryptocurrency exchange wallets in the United States and Japan.

“While the group’s key infiltration vector to the Exchange is usually through spear-Phishing against the corporate network, the executives’ personal email accounts are the first to be targeted,” ClearSky detailed.

“Infiltrating the personal email accounts is an optional phase; however, it’s a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange’s executive.”

About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.