Hacker Group Stole $200 Million from Crypto Exchange

Thursday, 25/06/2020 | 08:36 GMT by Arnab Shome
  • The small group particularly targeted exchanges in the US and Japan.
Hacker Group Stole $200 Million from Crypto Exchange
Finance Magnates

A single cryptocurrency hacking group is targeting exchanges and wallets for the past couple of years and managed to rake more than $200 million, Israeli cybersecurity firm ClearSky claimed.

Though the actual identity of the hacking group is not known, a report published by the cybersecurity firm on Wednesday, detailed that it is clear from the profile, modus operandi, and digital infrastructure of the attacks that it was the single group.

“CryptoCore is a group that targets almost exclusively cryptocurrency exchanges and companies working with them via supply-chain attack,” ClearSky noted. “The CryptoCore group is known for having accumulated a sum of approximately 70 million USD from its heists on exchanges. We estimate that the group managed to rake in more than 200 million USD in two years.”

Though the Israeli firm is calling the group CryptoCore, other security companies also traced the whereabouts of the same group, one firm named it “Leery Turtle.”

Small, yet efficient

Based on the timestamp of the first known sample of such attacks, the hackers started their operations in mid-2018 and “maintained steady activity since then.” The security company, however, could not pinpoint the exact location or country of origin of the group.

“We assess with [a] medium level of certainty that the threat actor has links to the East European region, Ukraine, Russia or Romania in particular,” ClearSky continued.

The hacker group is believed to have maybe three to four people, but they are very effective.

“This group is not extremely technically advanced, yet it seems to be swift, persistent, and effective, nevertheless,” the report added.

They are particularly targeting cryptocurrency exchange wallets in the United States and Japan.

“While the group’s key infiltration vector to the Exchange is usually through spear-Phishing against the corporate network, the executives’ personal email accounts are the first to be targeted,” ClearSky detailed.

“Infiltrating the personal email accounts is an optional phase; however, it’s a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange’s executive.”

A single cryptocurrency hacking group is targeting exchanges and wallets for the past couple of years and managed to rake more than $200 million, Israeli cybersecurity firm ClearSky claimed.

Though the actual identity of the hacking group is not known, a report published by the cybersecurity firm on Wednesday, detailed that it is clear from the profile, modus operandi, and digital infrastructure of the attacks that it was the single group.

“CryptoCore is a group that targets almost exclusively cryptocurrency exchanges and companies working with them via supply-chain attack,” ClearSky noted. “The CryptoCore group is known for having accumulated a sum of approximately 70 million USD from its heists on exchanges. We estimate that the group managed to rake in more than 200 million USD in two years.”

Though the Israeli firm is calling the group CryptoCore, other security companies also traced the whereabouts of the same group, one firm named it “Leery Turtle.”

Small, yet efficient

Based on the timestamp of the first known sample of such attacks, the hackers started their operations in mid-2018 and “maintained steady activity since then.” The security company, however, could not pinpoint the exact location or country of origin of the group.

“We assess with [a] medium level of certainty that the threat actor has links to the East European region, Ukraine, Russia or Romania in particular,” ClearSky continued.

The hacker group is believed to have maybe three to four people, but they are very effective.

“This group is not extremely technically advanced, yet it seems to be swift, persistent, and effective, nevertheless,” the report added.

They are particularly targeting cryptocurrency exchange wallets in the United States and Japan.

“While the group’s key infiltration vector to the Exchange is usually through spear-Phishing against the corporate network, the executives’ personal email accounts are the first to be targeted,” ClearSky detailed.

“Infiltrating the personal email accounts is an optional phase; however, it’s a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange’s executive.”

About the Author: Arnab Shome
Arnab Shome
  • 6652 Articles
  • 101 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency