A security firm has warned that a group of hackers named CryptoCore has been raiding crypto exchanges – and may have amassed a USD 70 million crypto pot, leaving a USD 200 million trail of damage in its wake.
Per a report from Clear Sky Security, CryptoCore is thought to comprise individuals based primarily in Eastern Europe, with links to “Russia, Ukraine or Romania” noted. The group, says the security firm, appears to mainly target crypto exchanges, and has attempted to execute the majority of its attacks in Japan and the United States.
The report’s authors said that the hackers may be hanging on to USD 70 million worth of crypto holdings from their raids since they became active in 2018. The cumulative total of the raids, said the firm, is around USD 200 million.
“This group is not extremely technically advanced, yet it seems to be swift, persistent and effective, nevertheless. We assess it to be active at least since May 2018, and it maintained steady activity since then. Its activity has receded in the first half of 2020, one possible reason being the limitations induced by the COVID-19 pandemic, but it didn’t stop completely.”
The hacker group uses spear-phishing attacks, says the security firm, and sends employees emails that appear to come from high-ranking exchange staff. The goal is to “gain access to cryptocurrency exchanges’ wallets, be it general corporate wallets or wallets belonging to the exchange’s employees.”
If it succeeds, the group looks to gain access to “the victim’s password manager account.” From here, they can access wallet keys. The group also uses malware as part of its campaign.
The firm says that the hackers are fast to respond to efforts to fight back.
The report’s authors stated,
“The group is generally quick to register and employ new domains and links. […] In one case, a new domain was registered. We alerted the client, and within 30-40 minutes their systems identified an attack from that new domain.”