Bad Guys on the Dark Web Are Working Together to Steal Your Cryptocurrency. Here’s How – Binance CSO

According to Binance Chief Security Officer Jimmy Su, a “well-established” ecosystem of hackers lurks in the darkest corners of the dark web, targeting cryptocurrency users with poor “security hygiene”.

Speaking to AskFX, Su said that hackers have turned their eyes to crypto end-users in recent years.

Su noted that when Binance launched in July 2017, the team saw numerous hacking attempts on its internal network. However, the focus has shifted as crypto exchanges continue to improve their security.

“Hackers always choose the lowest bar to achieve their goals because it’s a business for them too. The hacker community is a well-established ecosystem.”

According to Su, this ecosystem consists of four different layers: information collectors, data refiners, hackers and money launderers.

Data Collectors

The upstream layer is what Su calls “threat intelligence”. Here, malicious actors gather and collate illegitimate information about crypto users and create entire spreadsheets with details about different users.

This may include crypto websites a user visits, what emails they use, their name and whether they are on Telegram or social media.

“There is a market for this on the dark web, where they sell this information […] that describes the user,” Su explained in an interview in May.

Su pointed out that this information is usually collected in bulk, e.g. through previous customer data leaks or hacks targeting other providers or platforms.

A research report published in April by Privacy Affairs revealed that cybercriminals have been selling hacked crypto accounts for as little as $30 per person. Fake documents, which hackers often use to open accounts on crypto trading sites, can also be bought on the Dark Web.

Data Refiners

According to Su, the collected data is then sold downstream to another group – usually made up of data engineers who specialize in data refinement.

“For example, last year there was a record for Twitter users. […] Based on the information there, they can further refine it to see which ones are actually crypto-related from the tweets.”

These data engineers then use “scripts and bots” to figure out which exchanges the crypto enthusiast is registered with.

They do this by trying to create an account with the user’s email address. If they get an error message saying the address is already in use, they know the user has an account on that exchange. This could be valuable information that more targeted scams could take advantage of, Su said.
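The sign-up probe Su describes works only because the registration endpoint answers differently for a known and an unknown e-mail address. The following is an added example, not code from Binance or from the article: a hypothetical exchange sign-up handler modelled with an in-memory user store and an outbox in place of a mail server, shown first in the form that leaks account existence and then in a hardened form that returns the same response either way, plus a self-test a site owner can run against both.

```python
"""Defending a sign-up endpoint against account enumeration (added example).

Models the probe described in the article (register with a victim's e-mail
and read the error) against a hypothetical exchange with an in-memory user
store, and shows a hardened handler that answers identically whether or not
the address is already registered. Store, outbox and addresses are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    """Minimal stand-in for an HTTP response: status code and body text."""
    status: int
    body: str


def register_leaky(email: str, store: set[str], outbox: list[tuple[str, str]]) -> Response:
    """Vulnerable form: the 'already in use' error confirms the address has an account."""
    if email in store:
        return Response(409, "This email address is already in use.")
    store.add(email)
    outbox.append((email, "Verify your new account"))
    return Response(201, "Account created. Check your inbox to verify your email.")


def register_hardened(email: str, store: set[str], outbox: list[tuple[str, str]]) -> Response:
    """Hardened form: identical status and body for new and existing addresses.

    The distinction still has to be made, but it is moved out of band: the
    address owner receives either a verification link or a notice that someone
    tried to sign up with their e-mail. Whoever sends the request but does not
    control the inbox learns nothing from the HTTP response.
    """
    if email in store:
        outbox.append((email, "Someone tried to sign up with your email address"))
    else:
        store.add(email)
        outbox.append((email, "Verify your new account"))
    return Response(202, "If this address can be registered, we have emailed you a verification link.")


def responses_differ(handler, registered: str, fresh: str) -> bool:
    """Self-test for a sign-up handler: does it answer differently for a known
    address and an unknown one? True means the endpoint leaks account existence.
    Each call gets its own copy of the store so the two probes do not interact."""
    store = {registered}
    outbox: list[tuple[str, str]] = []
    known = handler(registered, set(store), outbox)
    unknown = handler(fresh, set(store), outbox)
    return known != unknown


if __name__ == "__main__":
    # Constructed sample: one registered user and one address nobody has used.
    for name, handler in (("leaky", register_leaky), ("hardened", register_hardened)):
        leaks = responses_differ(handler, "tommy@example.com", "nobody@example.com")
        print(f"{name}: leaks account existence = {leaks}")
```

The same rule applies to login and password-reset endpoints: any message, status code or redirect that depends on whether the account exists is an oracle. Response bodies are only one channel; both branches of the hardened handler should also do comparable work so that response time does not reveal the answer, and per-source rate limiting on sign-up attempts keeps bulk probing expensive even where a small residual difference remains.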

Hackers and Phishers

The third level usually grabs the headlines. Phishing scammers or hackers use the previously refined data to create “targeted” phishing attacks.

“Now that they know that ‘Tommy’ is a user of exchange ‘X’, they can simply send an SMS saying: ‘Hey Tommy, we’ve noticed that someone has taken $5,000 from your account. Please click this link and contact customer service if […] it wasn’t you.’”

In March, hardware wallet provider Trezor warned its users about a phishing attack aimed at stealing money from investors by tricking them into entering the wallet’s recovery phrase on a fake Trezor website.

In the phishing campaign, attackers impersonated Trezor and contacted victims via phone call, SMS, or email claiming that there had been a security breach or suspicious activity on their Trezor account.

A screenshot of a phishing domain copying Trezor’s website. Source: Bleeping Computer

Getting Away

Once the money has been stolen, the last step is to get away with the heist. Su explained that this could mean the funds lie dormant for years before being transferred to a crypto mixer like Tornado Cash.

“We know there are groups that may sit on their stolen gains for 2-3 years without moving anything,” added Su.

Even though not much can stop crypto hackers, Su urges crypto users to practice better “security hygiene”.
