CryptoCore Hacking Group Stole Over $200 Million from Crypto Exchanges

Francisco Memoria

A hacking group known as CryptoCore has reportedly stolen over $200 million worth of cryptocurrency from exchanges since 2018 thanks to a series of successful phishing attacks on the platforms.

According to a report published by cybersecurity firm ClearSky, covered by Bleeping Computer, the hacking group is called CryptoCore, but also known as “Dangerous Password” and “Leery Turtle,” and targets cryptocurrency exchanges’ employees and executives with spear-phishing campaigns.

These campaigns see the hackers impersonate high-ranking employees of the target exchange or an organization with close ties to it, to gain access to their victims’ password manager account. From there, the hackers can get access to cryptocurrency wallets and other valuable assets they use to attack other victims.

ClearSky’s report reads:

The key goal of CryptoCore’s heists is to gain access to cryptocurrency exchanges’ wallets, be it general corporate wallets or wallets belonging to the exchange’s employees. For this kind of operation, the group begins with an extensive reconnaissance phase against the company, its executives, officers and IT personnel.

The CryptoCore hacking group has reportedly been targeting mostly exchanges in the United States and Japan, stealing over $200 million worth of cryptocurrency through its attacks. The attacks are customized according to the target, using domain names that impersonate specific affiliated organizations and emails that impersonate these organizations or executives from the exchange itself.

CryptoCore then infects victims by sending them protected files with supposed passwords that, when run, install malware on their computers. After searching for keys in password managers, the attackers then infect the exchange’s network to search there. Once they have access, the funds are transferred to wallets they control.

While it isn’t clear where CryptoCore is based, ClearSky believes the group is somewhere in Eastern Europe. Other hacking groups, specifically from North Korea, are also known to target the cryptocurrency space.
