CryptoCore has hacked its way to more than $200 million on crypto exchanges
Analysis conducted by cybersecurity firm ClearSky shows attacks on crypto exchanges are causing lots of damage
An organized hacker group has been causing headaches for several cryptocurrency exchanges. CryptoCore is believed to be operating just outside of Eastern Europe and has stolen over $200 million from exchanges, according to a report that cybersecurity firm ClearSky shared with ZDNet yesterday. One of the research team leaders at ClearSky, Or Blatt, told the news site that this hacking group has been active since 2018.
According to Blatt, researchers were able to attribute five successful hacks to CryptoCore; however, they reported that they have spotted the group targeting another 10-20 cryptocurrency exchanges. The confirmed victims are spread across the globe, in the US, Japan and the Middle East; none of the victims’ names were disclosed due to non-disclosure agreements.
In the past, a few isolated reports from groups like “Dangerous Password” and “Leery Turtle” were documented as well. But the Israeli security firm said that the group’s operations are more complex than those, and more extensive and widespread than what was once documented. One of the aspects that allowed the firm to attribute those hacks to CryptoCore is the similar tactics and modus operandi used to commit the crimes, with little to no variation.
According to ClearSky, all attacks start with an information-gathering phase in which the group collects every piece of information it can by targeting the exchange’s management, IT staff and other employees. The first attacks are always launched on personal email accounts rather than corporate ones; the personal accounts are less secured than the official ones, but they also contain business information. “It’s a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange’s executive,” ClearSky said.