In the murky depths of the dark web, a thriving ecosystem of hackers has set its sights on cryptocurrency users with lax security practices. Jimmy Su, chief security officer of Binance, a leading cryptocurrency exchange, revealed that hackers have shifted their attention to crypto end-users in recent years. As exchanges have bolstered their security measures, attackers have adapted by going after the weakest link in the chain: the individual user. Su described this hacker community as a well-established ecosystem comprising four distinct layers: intelligence gatherers, data refiners, hackers, and money launderers.
The Binance CSO lays out the steps in crypto theft
At the upstream layer, threat intelligence, malicious actors collect and organize stolen information about cryptocurrency users. They compile comprehensive spreadsheets covering details such as the crypto websites a person frequents, email addresses, names, and even presence on platforms like Telegram or social media. This data is then sold on the dark web, forming a market where hackers can purchase detailed profiles of potential targets. The Binance CSO highlighted that this information is often obtained through bulk data breaches or previous hacks of other platforms. Research has shown that cybercriminals sell compromised crypto accounts for as little as $30 each, and that forged identity documents used to open accounts on crypto trading sites can also be bought on the dark web.
The collected data is subsequently passed down to data engineers who specialize in analyzing and refining it further. Using scripts and bots, these engineers work out which exchanges a crypto enthusiast is registered with. The trick is simple: they attempt to create an account on each exchange using the victim's email address, and a sign-up form that answers "this email is already in use" confirms the account exists. An error message that is harmless in isolation becomes an enumeration oracle at scale. This knowledge is then a valuable asset for orchestrating targeted scams and attacks.
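The account-enumeration step above, shown as an added example that is not from the article or from Binance: a simplified sign-up handler that leaks whether an address is registered, the same handler hardened to give one uniform response, and the attacker-side loop that exploits the difference. The registered addresses are constructed sample data.

```python
"""Account enumeration through a sign-up form: leaky vs. hardened handler."""
import uuid

# Constructed sample of existing accounts at a hypothetical exchange (not real data).
REGISTERED = {"tommy@example.com", "alice@example.com"}


def register_leaky(email: str) -> dict:
    """Vulnerable: the HTTP response differs depending on whether the address exists,
    so anyone can test an email list against the form and keep the hits."""
    if email in REGISTERED:
        return {"status": 409, "message": "This email address is already registered."}
    return {"status": 200, "message": "Account created. Check your inbox to verify."}


def register_hardened(email: str) -> tuple[dict, str]:
    """Hardened: identical status and body in both cases. The only branch is which
    email gets queued out of band (a reminder for existing users, a verification
    link for new ones), and that never reaches the requester's response.
    Returns (http_response, queued_mail_type); the second value is internal."""
    if email in REGISTERED:
        queued = "already-registered-notice"   # tells the real owner someone tried
    else:
        queued = "verification-link"
    # In a real handler also equalize timing (do the same work on both paths) and
    # rate-limit per source, or the existence check just moves to a side channel.
    response = {"status": 200,
                "message": "If this address can be registered, we have emailed you."}
    return response, queued


def enumerate_accounts(candidates, sign_up) -> list[str]:
    """Attacker-side logic: establish a baseline response with an address that
    cannot exist, then flag every candidate whose response differs from it."""
    probe = f"probe-{uuid.uuid4().hex}@example.com"
    baseline = sign_up(probe)
    return [e for e in candidates if sign_up(e) != baseline]


def enumerate_against_hardened(candidates) -> list[str]:
    """Same attack, but only the HTTP response is observable to the attacker."""
    return enumerate_accounts(candidates, lambda e: register_hardened(e)[0])


if __name__ == "__main__":
    targets = ["tommy@example.com", "bob@example.com", "alice@example.com"]
    print("leaky form reveals:   ", enumerate_accounts(targets, register_leaky))
    print("hardened form reveals:", enumerate_against_hardened(targets))
```

Running it shows the leaky form handing over exactly the registered addresses while the hardened form reveals nothing. The defensive point is that the response must not depend on account existence; the branch belongs in the out-of-band email, where only the mailbox owner sees it.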
The third layer, the hackers themselves, is where the phishing scams and targeted intrusions happen. Armed with the refined data, scammers craft convincing phishing attacks. For instance, knowing that "Tommy" holds an account at exchange "X," they can send him a fraudulent SMS claiming suspicious activity on that account and urging him to click a link to contact customer service. The goal is to trick the user into revealing credentials or one-time codes, or into performing actions that compromise the account. Recent incidents, such as a phishing campaign against hardware wallet provider Trezor, illustrate the extent of these targeted attacks.
Analysts advise crypto users to safeguard their funds and assets
Once the funds are stolen, the final layer, money laundering, is about escaping with the ill-gotten gains. Some groups choose to lie low and leave the stolen assets untouched for years before making any movement, which complicates efforts to trace and recover them. Eventually, they may route the funds through a crypto mixer service such as Tornado Cash, which obscures the transaction trail.
While it may be impossible to thwart crypto hackers completely, the Binance CSO emphasizes the importance of better security hygiene among cryptocurrency users. According to him, this involves proactive measures such as revoking token permissions granted to decentralized finance projects that are no longer in use, and safeguarding the communication channels used for two-factor authentication, such as email or SMS, since an attacker who takes over the mailbox or phone number also receives the codes sent to it.
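The first piece of advice above, revoking unused DeFi permissions, is an ERC-20 detail worth seeing concretely. An approval is a call to `approve(spender, amount)`, and revoking it is the same call with an amount of zero. The following is an added example, not code from the article or from Binance, that builds the raw calldata for reading an allowance and for revoking it, plus the JSON-RPC `eth_call` envelope a wallet would send; the token, owner and spender addresses are constructed placeholders, and the function selectors are the standard ERC-20 ones.

```python
"""Building ERC-20 allowance and revoke calldata by hand (no web3 dependency)."""

# First four bytes of keccak256 of the canonical ERC-20 signatures.
ALLOWANCE_SELECTOR = bytes.fromhex("dd62ed3e")  # allowance(address,address)
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")    # approve(address,uint256)
MAX_UINT256 = 2**256 - 1


def _addr(address: str) -> bytes:
    """ABI-encode an address: 20 bytes left-padded with zeros to a 32-byte word."""
    hex_part = address[2:] if address.lower().startswith("0x") else address
    if len(hex_part) != 40:
        raise ValueError(f"not a 20-byte address: {address}")
    return bytes.fromhex(hex_part).rjust(32, b"\x00")


def _uint(value: int) -> bytes:
    """ABI-encode a uint256 as a big-endian 32-byte word."""
    if not 0 <= value <= MAX_UINT256:
        raise ValueError("value out of uint256 range")
    return value.to_bytes(32, "big")


def encode_allowance_call(owner: str, spender: str) -> str:
    """Calldata for allowance(owner, spender)."""
    return "0x" + (ALLOWANCE_SELECTOR + _addr(owner) + _addr(spender)).hex()


def encode_revoke(spender: str) -> str:
    """Calldata for approve(spender, 0): the revocation the article recommends."""
    return "0x" + (APPROVE_SELECTOR + _addr(spender) + _uint(0)).hex()


def decode_uint256(return_data: str) -> int:
    """Decode the single uint256 word an allowance() call returns."""
    raw = bytes.fromhex(return_data[2:] if return_data.startswith("0x") else return_data)
    if len(raw) != 32:
        raise ValueError("expected exactly one 32-byte word")
    return int.from_bytes(raw, "big")


def is_dangerous_allowance(allowance: int) -> bool:
    """Any nonzero allowance to an unused contract is unnecessary exposure; the
    'unlimited' approvals many dapps request (close to 2**256 - 1) are the worst."""
    return allowance > 0


def build_eth_call(token: str, data: str, request_id: int = 1) -> dict:
    """JSON-RPC envelope for a read-only eth_call against the token contract."""
    return {"jsonrpc": "2.0", "id": request_id, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}


if __name__ == "__main__":
    # Constructed placeholder addresses (not real contracts or accounts).
    token = "0x" + "11" * 20
    owner = "0x" + "22" * 20
    spender = "0x" + "33" * 20   # a DeFi contract the user no longer uses
    print(build_eth_call(token, encode_allowance_call(owner, spender)))
    # A node would answer the call above with 32 bytes; an unlimited approval looks like:
    unlimited = "0x" + "ff" * 32
    if is_dangerous_allowance(decode_uint256(unlimited)):
        print("revoke by sending a transaction to", token, "with data", encode_revoke(spender))
```

The check-then-revoke flow is what wallet "approval checker" tools automate: query `allowance(owner, spender)` for each token and spender pair the user has ever approved, and send `approve(spender, 0)` for anything still nonzero that the user no longer needs. The caveat is that a revocation is itself an on-chain transaction, so it costs gas and must be signed with the same key being protected.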
The dark web's ecosystem of hackers targeting cryptocurrency users has evolved into a well-established and sophisticated network. As hackers adapt to the stronger security measures implemented by exchanges, they focus on exploiting the weaknesses of individual users. To guard against these threats, crypto users must adopt robust security practices and remain vigilant in an increasingly perilous digital landscape.