In an interview with Cointelegraph, Jimmy Su, the chief security officer of Binance, warned that a well-established hacker community operates on the dark web. Su emphasized that these hackers deliberately target cryptocurrency users with insufficient safety precautions, and that their attention is now focused on end users of cryptocurrency rather than on exchanges.
Su recalls that the team at Binance noticed numerous efforts to get into its internal network when it originally launched in July 2017. The primary focus has changed, though, as cryptocurrency exchanges have worked to strengthen their security.
According to Su, “Hackers always choose the lowest bar to achieve their goals because, for them, it’s a business as well. The hacker community is a well-established ecosystem.” In Su’s assessment, this ecosystem has four main layers: intelligence gatherers, data refiners, hackers, and money launderers.
Su referred to the first and most upstream layer as “threat intelligence.” Here, criminals gather and compile stolen information about cryptocurrency users, building full spreadsheets with information about various people.
This might include the user’s name, the email addresses they use, the crypto websites they frequently visit, and whether they use social media or Telegram. In a May interview, Su said: “There is a market for this on the dark web where this information is sold […] that describes the user.” Su pointed out that this data is typically obtained in large quantities, such as via past customer data leaks or hacks that target other companies or platforms.
Cybercriminals were selling hacked cryptocurrency accounts for as little as $30 each, according to a study published in April by Privacy Affairs. On the dark web, fake documents may be purchased. Hackers frequently use these documents to register accounts on cryptocurrency trading platforms.
Su indicates that once the data has been gathered, it is sold to a different group, typically one that consists of data engineers who specialize in processing data. “For example, there was a data set last year for Twitter users. […] Based on the information there, they can further refine it to see, based on the tweets, which ones are actually crypto-related.”
Following that, these data engineers employ “scripts and bots” to determine which exchanges the crypto enthusiast might be registered with. To do this, they attempt to create an account using the user’s email address: if the user already has an account on that exchange, the sign-up form returns an error message stating that the address is already in use. Su suggested that this knowledge could then be used for more specific scams.
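The defensive counterpart to the sign-up check described above, added here as an example (not code from the article or from Binance): a registration handler whose status and body are identical whether or not the address is registered, with the difference moved into an out-of-band email. `REGISTERED`, `Outbox` and the template names are constructed stand-ins.

```python
# Added example (not from the article): a registration endpoint that does not
# reveal whether an email address already has an account. The existence check
# still happens, but its outcome is delivered only to the mailbox owner.
from dataclasses import dataclass, field

# Constructed sample data: addresses already registered on a hypothetical exchange.
REGISTERED = {"tommy@example.com", "alice@example.com"}


@dataclass
class Outbox:
    """Stand-in for a mail sender; records what would have been emailed."""
    sent: list = field(default_factory=list)

    def send(self, to: str, template: str) -> None:
        self.sent.append((to, template))


# Every caller receives exactly this status and body, registered or not.
GENERIC_RESPONSE = (202, "If this address is eligible, we have emailed the next steps.")


def register(email: str, outbox: Outbox, registered=REGISTERED) -> tuple[int, str]:
    """Handle a sign-up request without leaking account existence in the reply."""
    norm = email.strip().lower()
    if norm in registered:
        # Tell the legitimate owner (not the requester) that an account already exists.
        outbox.send(norm, "account_exists_notice")
    else:
        # A real deployment would create a pending account and send a verification link.
        outbox.send(norm, "verify_new_account")
    # Rate limiting and CAPTCHA on this endpoint still matter: a uniform response
    # closes the message-based oracle, but timing differences should also be kept
    # small (e.g. do the same amount of work on both branches).
    return GENERIC_RESPONSE


def leaky_register(email: str, registered=REGISTERED) -> tuple[int, str]:
    """The pattern the article describes: the reply itself reveals existence."""
    if email.strip().lower() in registered:
        return 409, "This email address is already in use."
    return 201, "Account created."
```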
The third layer is the one that typically generates headlines. Here, phishing con artists or hackers use the refined data to create “targeted” phishing attacks.
“Because now they know ‘Tommy’ is a user of exchange ‘X,’ they can just send an SMS saying, ‘Hey Tommy, we detected someone withdrew $5,000 from your account; please click this link and reach customer service if it wasn’t you.’”
In March, hardware wallet maker Trezor alerted its customers to a phishing scam that tricked them into entering their wallet recovery codes on a fake Trezor website, allowing the attackers to steal investors’ funds.
Attackers posing as Trezor contacted victims by phone, text, or email and told them that their Trezor account had experienced a security breach or other suspicious activity.
The last layer is getting away with the funds after they have been stolen. Su said this might entail leaving the money dormant for years and then transferring it to a cryptocurrency mixer such as Tornado Cash. Su added, “There are groups that we know that may sit on their stolen gains for two, three years without any movement.”
Although there is little that can be done to stop cryptocurrency hackers outright, Su advises users to improve their “security hygiene.” This can include revoking permissions granted to decentralized finance projects they no longer use, and keeping the email or SMS channels used for two-factor authentication secure.