In brief

  • A hacking group has stolen about $200 million from exchanges.
  • It did so predominantly through spear-phishing attacks.
  • The hackers reduced activity during Covid-19.

A single hacker group has stolen around $200 million in cryptocurrency from exchanges, cyber-security firm ClearSky revealed in a report yesterday.

The group, which ClearSky calls “CryptoCore” and which the firm believes operates out of Eastern Europe, has been targeting crypto exchanges since 2018. The group mainly targeted exchanges in the US and Japan.

Though the rogue crypto gang has managed to take home over $200 million in two years, ClearSky believes that the “group is not extremely technically advanced.” Instead, it is “swift, persistent and effective.” 

The gang, CryptoCore, accesses crypto wallets owned by exchanges and employees. Here’s how it works:

CryptoCore starts with an “extensive reconnaissance phase against the company” and its employees. 

The gang worms its way in through spear-phishing attacks, which involve emailing an executive from an account that looks like it belongs to a bona fide high-ranking employee, either of the same organization or of one it partners with.

Once the network has been infiltrated, the gang installs malware and gains access to the executive’s password manager accounts, where all the keys to crypto wallets are stored. Then they wait: should multi-factor authentication be removed, the group acts “immediately and responsively” and drains funds from the wallets, said ClearSky.
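The entry point described above is a sender that merely looks like an executive or a partner. Below is an added example (not code from ClearSky or from the report) of the kind of mail-gateway heuristic that flags such senders: a display name matching a known executive on an external domain, or a sender domain that is a near-match of the company’s own or a partner’s. The domains, names and headers are constructed sample data.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data: the exchange's own domain, a partner domain,
# and the executives whose names an impersonator would borrow.
TRUSTED_DOMAINS = {"example-exchange.com", "partner-custody.example"}
EXECUTIVE_NAMES = {"Alice Chen", "Bob Okafor"}

# Accepts '"Name" <user@host>', 'Name <user@host>' and bare 'user@host'.
_ADDR = re.compile(r'^\s*(?:"?(?P<name>[^"<]*?)"?\s*)?<?(?P<addr>[^<>\s]+@[^<>\s]+)>?\s*$')


def parse_from(header):
    """Split a From header into (display name, lowercased address)."""
    m = _ADDR.match(header)
    if not m:
        return None, None
    return (m.group("name") or "").strip(), m.group("addr").lower()


def lookalike_of(domain, trusted, threshold=0.85):
    """Return the trusted domain this one closely resembles, or None.

    An exact trusted domain is not a lookalike; an unrelated one falls
    below the similarity threshold.
    """
    if domain in trusted:
        return None
    for t in trusted:
        if SequenceMatcher(None, domain, t).ratio() >= threshold:
            return t
    return None


def assess_sender(header):
    """Flag executive-name spoofing and lookalike domains in a From header."""
    name, addr = parse_from(header)
    if addr is None:
        return {"verdict": "malformed", "reasons": ["unparseable From header"]}
    domain = addr.split("@", 1)[1]
    reasons = []
    if domain not in TRUSTED_DOMAINS:
        if name in EXECUTIVE_NAMES:
            reasons.append(f"display name '{name}' matches an executive but "
                           f"domain {domain} is external")
        near = lookalike_of(domain, TRUSTED_DOMAINS)
        if near:
            reasons.append(f"domain {domain} is a lookalike of trusted {near}")
    return {"verdict": "suspicious" if reasons else "ok", "reasons": reasons}
```

A real deployment would feed the verdict into quarantine or a warning banner rather than a hard block, since partners do occasionally change domains.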

Many crypto exchanges have been hacked in the past two years. Image: Shutterstock.

ClearSky said that “activity receded in the first half of 2020, one possible reason being the limitations induced by the COVID-19 pandemic.” But it “didn’t stop completely.”

Spear-phishing is a common method for crypto scammers and a massive problem. At the start of the year, a huge spear-phishing campaign was mounted against YouTubers. Accounts with lots of subscribers were hijacked when their owners clicked on dodgy links.

Once in, hackers changed the passwords, deleted all the videos and ran single live streams featuring an interview with characters like Elon Musk or Binance’s CEO Changpeng Zhao. The “celebrities” then asked viewers to send them cryptocurrency, with promises they’d send even more back. A scam, of course, but a successful one. One Musk scam raked in $2 million in two months.

However, the crypto exchanges fared much worse.