Ethereum Classic 51% Attackers Return $100,000 to Crypto Exchange Gate.io

Those responsible for the recent 51% attack on Ethereum Classic (ETC) have reportedly returned $100,000 worth of stolen funds to an affected cryptocurrency exchange, Gate.io, after the firm tried to contact the attacker.

According to a recently published post Gate.io hadn’t heard back from the attackers until now. Since some of the stolen funds were returned, the exchange now believes the hacker may have been a white hat hacker, and not someone trying to profit off of the move.

We still don't know the reason. If the attacker didn't run it for profit, he might be a white hacker who wanted to remind people the risks in blockchain consensus and hashing power security

Gate.io noted, however, that its analysis found ETC’s blockchain is still vulnerable to attacks and, as such, has raised the number of confirmations on its platform to 4,000. It has also launched a “strict 51% detect for enhanced protection.”

It advised other crypto exchanges to adopt similar measures to protect themselves against similar attacks in the future. As CryptoGlobe covered, the exchange revealed earlier that it was affected by the 51% attack on Ethereum Classic, as it had to cover nearly $200,000 worth of losses after 40,000 ETC tokens were taken from its wallets.

While initially the development team behind ETC claimed the 51% appeared to not be an actual attack, it soon recognized it was. A private ETC mining pool has recently been found to be accumulating hashpower since the attack, which could mean it’s planning to do the same thing.

Meanwhile Grayscale Investments, the organization behind the Ethereum Classic Investment Trust (ETCG), informed some of the investors that contacted them about the incident that ETCG’s funds are “not at direct risk.”

This, as according to Vertcoin developer Gert-Jaap Glasergen, 51% attacks can only double spend the attacker’s own coins, not someone else’s. The risk, as such, is for those who accept ETC – or another attacked cryptocurrency - for goods and services, like cryptocurrency exchanges.

At press time, ETC is trading at about $4.55 after falling 2.3% in the last 24-hour period. After the attack, the cryptocurrency’s price dropped from about $5 to a $4.3 low.

Bitcoin ‘Sextortion’ Scheme Netted Cybercriminals Over $330,000

Blackmailers have reportedly managed to rake in over $330,000 worth of bitcoin, the flagship cryptocurrency, through an email-based ‘sextortion’ campaign that has been ongoing since at least 2017, and saw its activity surge last year.

According to a report published by UK firm Digital Shadows, the cybercriminals received said amount from over 3,100 unique BTC addresses. The funds ended up in 92 different bitcoin addresses believe to belong to the same organization, that could reportedly be making an average of $540 per victim.

The firm’s report, first spotted by The Next Web, tracked a sample of 792,000 emails sent to victims. The ‘sextortionists’ reportedly sent them an email that would include a known password as “proof” they hacked them, and claimed to have video evidence of them seeing adult content online.

The threat was that the video would be published online, if a ransom in BTC wasn’t paid. Last year, Cornell University computer science professor Emin Gün Sirer warned potential victims to “never pay, never negotiate” with cybercriminals trying to extort them.

Per Sirer, the emails were being sent to every email account on the popular website haveibeenpwned, which shows whether emails addresses had their data leaked on well-known online security incidents.

A Sophisticated Operation

The UK firm’s report seems to show the ‘sextortion’ operation was a sophisticated one, as scammers were seemingly trying to hire more people to help them target high-net-work individuals.

These hires could be getting high salaries, up to $768,000 a year, if they had experience in network management, penetration testing, and programming. The cybercriminals have notably also been using social media to target their victims.

The scammers’ capabilities are said to have varied in skill, as while some struggled to distribute a large amount of emails that could get past email server or spam filters, others managed to show high levels of sophistication, with emails sent from accounts specifically created for the campaigns.

Moreover, these campaigns were launched on a global scale, as the servers the emails came from were in five different continents. The highest amount of emails came from Vietnam, Brazil, and India. These servers could, however, have been compromised by the scammers as well.