Darknet bad actors work together to steal your crypto, here’s how — Binance CSO

Lurking in the shady corners of the dark web is a "well-established" ecosystem of hackers who target cryptocurrency users with poor "security hygiene," according to Binance's chief security officer.

Speaking to Cointelegraph, Binance CSO Jimmy Su said that in recent years, hackers have shifted their sights towards cryptocurrency end users.

Su noted that when Binance first opened in July 2017, the team saw many hacking attempts on its internal network. However, as cryptocurrency exchanges continued to tighten their security, the focus changed.

“Hackers always choose the lowest bar to achieve their goals, because for them it is also a business. The hacker community is a well-established ecosystem."

According to Su, this ecosystem comprises four distinct layers: intelligence collectors, data refiners, hackers, and money launderers.

Data collectors

The topmost layer is what Su described as "threat intelligence." Here, criminals collect and collate illicitly obtained information about cryptocurrency users, creating entire spreadsheets full of details about different users.

This could include crypto websites a user frequents, what emails they use, their name, and whether they are on Telegram or on social media.

“There is a market for this on the dark web where this information is sold. [...] that describes the user,” Su explained in an interview in May.

Su noted that this information is usually collected in bulk, for example through customer data leaks or breaches of other providers and platforms.

In April, an investigative article from Privacy Matters revealed that cybercriminals have been selling hacked crypto accounts for as little as $30 each. Counterfeit identity documents, often used by hackers to open accounts on cryptocurrency exchanges, can also be purchased on the dark web.

Data refiners

According to Su, the collected data is then sold to another group, usually made up of data engineers who specialize in refining data.

“For example, there was a data set last year for Twitter users. [...] Based on the information there, they can further refine it to look based on the tweets to see which ones are actually related to cryptocurrency.”

These data engineers will then use “scripts and bots” to find out which exchanges the cryptocurrency enthusiast may be registered with.

To do this, they attempt to create an account on the exchange using the user's email address. If the sign-up form returns an error saying the address is already in use, they know the user has an account there. Su said that this confirmation is valuable because it lets the next layer run far more targeted scams.
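The sign-up check Su describes is a classic account-enumeration oracle: the service answers differently depending on whether the address is already registered. The Python below is an added example, not Binance's code or anything from the article, showing a hypothetical exchange's leaky registration handler next to a hardened one that gives the same answer either way, plus the attacker-side loop the "scripts and bots" would run against each. All addresses and messages are constructed sample data.

```python
"""Account-enumeration oracle in a sign-up endpoint: leaky vs. hardened handler.

Added example for a hypothetical exchange; not code from Binance or the article.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Callable, Iterable

# Constructed sample data: addresses already registered at the hypothetical exchange.
REGISTERED = {"tommy@example.com", "alice@example.com"}


@dataclass
class Response:
    status: int
    body: str


@dataclass
class Outbox:
    """Stand-in for the mail queue; in production this is an async job, not inline."""
    sent: list[tuple[str, str]] = field(default_factory=list)


def register_leaky(email: str, existing: set[str]) -> Response:
    """Common anti-pattern: a distinct status and message when the address exists.

    That difference is exactly the oracle the data refiners abuse. Note the probe
    also leaves junk accounts behind for every address that was *not* registered.
    """
    if email in existing:
        return Response(409, "An account with this email address already exists")
    existing.add(email)
    return Response(201, "Account created, check your inbox")


def register_hardened(email: str, existing: set[str], outbox: Outbox) -> Response:
    """Identical status and body in both cases; only the mailbox owner learns more."""
    if email in existing:
        outbox.sent.append((email, "Someone tried to sign up with your address. "
                                   "If this was not you, no action is needed."))
    else:
        # Account stays pending until the confirmation link is used, so an
        # attacker cannot create accounts in someone else's name either.
        token = secrets.token_urlsafe(16)
        outbox.sent.append((email, f"Confirm your account: /confirm?token={token}"))
    return Response(202, "If this address can be registered, a confirmation "
                         "email has been sent")


def enumerate_accounts(emails: Iterable[str],
                       probe: Callable[[str], Response]) -> set[str]:
    """Attacker side: classify addresses from the endpoint's response alone."""
    found = set()
    for email in emails:
        resp = probe(email)
        if resp.status == 409 or "already" in resp.body.lower():
            found.add(email)
    return found


def demo() -> tuple[set[str], set[str], int]:
    """Run the same probe list against both handlers.

    Returns (accounts leaked by the leaky handler, accounts leaked by the
    hardened handler, number of emails the hardened handler queued).
    """
    probes = ["tommy@example.com", "bob@example.com", "alice@example.com"]
    leaked = enumerate_accounts(probes, lambda e: register_leaky(e, set(REGISTERED)))
    outbox = Outbox()
    hardened = enumerate_accounts(
        probes, lambda e: register_hardened(e, set(REGISTERED), outbox))
    return leaked, hardened, len(outbox.sent)


if __name__ == "__main__":
    leaked, hardened, mails = demo()
    print("leaky handler reveals:   ", sorted(leaked))
    print("hardened handler reveals:", sorted(hardened))
    print("hardened handler queued", mails, "emails")
```

Two caveats a practitioner will want. First, the hardened handler must also take the same wall-clock time on both branches, which is why mail is queued rather than sent inline; a measurable delay when an address exists is the same oracle in a different channel. Second, the same reasoning applies to login and password-reset forms, which are the other two places exchanges typically leak "this address is (not) registered".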

Hackers and phishers

The third layer is usually the one that creates the headlines. Phishing scammers or hackers will take the previously refined data to create "targeted" phishing attacks.

"Because they now know that 'Tommy' is a user of exchange 'X', they can simply send an SMS saying, 'Hey Tommy, we detected someone withdrew $5,000 from your account, please click this link and contact customer service if this wasn't you.'"

In March, hardware wallet provider Trezor warned its users about a phishing attack designed to steal funds by tricking investors into entering their wallet recovery phrase on a fake Trezor website.

The phishing campaign involved attackers posing as Trezor and contacting victims via phone calls, text messages, or emails claiming there had been a security breach or suspicious activity on their Trezor account.

A screenshot of a phishing domain copying the Trezor website. Source: Bleeping Computer

Getting away with it

Once the funds are stolen, the final step is to get away with it. Su explained that this could involve leaving the funds dormant for years and then moving them to a crypto mixer like Tornado Cash.

Related: Arbitrum-based Jimbos Protocol Hacked, Losing $7.5M in Ether

“There are groups that we know can keep their stolen profits for two to three years without any movement,” Su added.

While there isn't much that can stop crypto hackers, Su urges crypto users to practice better "security hygiene."

This could involve revoking permissions for decentralized finance projects if they no longer use them, or ensuring that communication channels like email or SMS used for two-factor authentication are kept private.

Magazine: Tornado Cash 2.0: the race to build safe and legal coin mixers