Cryptocurrency exchanges became cash machines for Eastern European hacker groups that stole $200 million in two years


Cybersecurity firm ClearSky revealed in a report yesterday that a single hacker group stole approximately $200 million worth of cryptocurrency from multiple exchanges.

ClearSky calls the group “CryptoCore,” which it believes is from Eastern Europe and has been targeting crypto exchanges since 2018. The group has primarily targeted exchanges in the United States and Japan.

Although the hacker group made more than $200 million in two years, ClearSky believes that the group is not technically advanced. Instead, it is just fast, very persistent, and very efficient.

CryptoCore gains access to the cryptocurrency wallets of exchanges and their employees. The specific methods are as follows:

Initially, CryptoCore would pretend to conduct an investigation into the target exchange and its employees. The gang would use a spear-phishing attack to send an email to a supervisor from an account that looked like it belonged to a real senior employee, either from the same organization or from one of its partners.

Once the network was infiltrated, the group would install malware and gain access to the executive’s password manager account, where the keys to all of the cryptocurrency wallets were stored. They would then wait until multi-factor authentication was disabled and then immediately move all of the funds in the wallets.

ClearSky said such activity “diminished in the first half of 2020,” with one possible reason being restrictions caused by the COVID-19 pandemic. But it “did not stop completely.”

Spear phishing is a common form of cryptocurrency fraud and a huge problem. There was a massive spear-phishing campaign targeting YouTube users at the beginning of this year. Many users' accounts were hijacked after they clicked on some suspicious links.

Once users click on those links, the hackers change the password, delete all the videos, and play interviews with figures such as Elon Musk or Binance CEO Changpeng Zhao. These "celebrities" then ask people who watch the videos to send them cryptocurrency, promising that they will return more. It's a scam, of course, but it's successful in raking in a lot of money. One scam using Musk's name alone made $2 million in two months.

However, cryptocurrency exchanges have fared much worse.

This article is translated with permission from Decrypt.

