Hackers targeting crypto exchanges with spear-phishing have stolen over $200m

CryptoCore, believed to be operating out of Eastern Europe, has managed to infiltrate several crypto exchanges around the world

Hacker at monitors
Israeli-based security firm ClearSky investigates a string of malicious activities that appear to originate from the group

A report shared with news outlet, ZDnet, has revealed that an organised group of hackers are believed to be operating out of Eastern Europe, and have stolen over $200 million from online cryptocurrency exchanges.

The Research Team Leader of ClearSky, Or Blatt, said that the group has been active since 2018. ClearSky, a cybersecurity firm, has been tracking the activities of the hackers carried out under the pseudonym CryptoCore.

Blatt explained that their team had managed to link CryptoCore to five successful hacks; however, they have also seen the group target an additional 10to 20 cryptocurrency exchanges as well.

The five confirmed victims of the hackers are located in Japan, the US  and the Middle East. Due to non-disclosure agreements, Blatt was unable to disclose the names of these victims.

ClearSky says some of CryptoCore’s operations have previously been documented in isolated reports that have identified the group as “Dangerous Password” and “Leery Turtle [PDF]”. The Israeli security firm says that the group’s operations have been more widespread than documented.

However, despite having been in operation for nearly three years, ClearSky says that the group has stuck to using the same tactics consistently, with minimal variation in their attacks.

According to ClearSky, all their attacks begin with an information-gathering stage, where they collect the necessary details to target an exchange’s IT staff, management and other relevant employees. The first phishing attacks always start against personal email accounts rather than the corporate ones, since these are most likely to be less secure. Some accounts also contain business information.

From here, CryptoCore operators eventually move to also target business accounts. This takes a matter of hours to weeks.

“It’s a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange’s executive,” ClearSky said.

Spear-phishing is usually carried out by hackers masquerading as a high-ranking employee from the target organisation with connections to the targeted employee.

The end goal of the group is to plant malware on an employee or manager’s computer, which will enable them to gain access to a password manager account. From here, the hackers use these passwords to access accounts and wallets, disable authentication systems and begin the transfer of funds out of the exchange’s hot wallets.

CryptoCore has now become the second known organised group to repeatedly target crypto exchanges in the last three to four years.

Trade on popular Crypto markets
Go long or short on cryptos from 10p a point
A trading partner you can trust
Start Trading
Forex trading involves significant risk of loss and is not suitable for all investors.
The broker offers access to a trusted MetaTrader trading system
Pricing is ensured to be completely transparent, also providing accuracy and speed.
Trade a Wide Variety of Assets with Leverage up to 1:500
Start Trading
Margin Trading
Legal compliance
Cryptocurrency staking
Start Trading