A top rated Russian-language underground discussion board has been functioning a “contest” for the earlier thirty day period, calling on its group to post “unorthodox” strategies to carry out cryptocurrency attacks.
The forum’s administrator, in an announcement created on April 20, 2021, invited users to post papers that evaluate the probability of focusing on cryptocurrency-relevant technological know-how, including the theft of non-public keys and wallets, in addition to covering abnormal cryptocurrency mining software, sensible contracts, and non-fungible tokens (NFTs).
The contest, which is possible to continue on till September 1, will see a complete prize funds of $115,000 awarded to the best research.
“So considerably, the top candidates (according to discussion board member voting) include subject areas like creating a pretend blockchain entrance-close site that captures sensitive facts these types of as private keys and balances, making a new cryptocurrency blockchain from scratch, rising the hash rate speed of mining farms and botnets, and demonstrating a customized instrument that parses logs for cryptocurrency artifacts from sufferer devices,” reported Michael DeBolt, Intel 471’s Senior Vice President of World Intelligence, in an e-mail interview with The Hacker News.
Other entries appeared at manipulating APIs from well-known cryptocurrency-connected expert services or decentralized-file technological innovation to get private keys to cryptocurrency wallets as properly as making a phishing web page that permitted criminals to harvest keys to cryptocurrency wallets and their seed phrases.
Supplied the important role played by underground marketplaces like Hydra in enabling cybercrime teams to hard cash out their cryptocurrency haul, it is plausible that procedures that allow Ransomware-as-a-Services (RaaS) operators to step up tension on victims and pressure them to give into their ransom demands could achieve traction. But DeBolt famous that most entries so considerably have been about guidance or instruments for how to plunder cryptocurrency assets, which are not likely to be of any “instant considerable worth” to RaaS cartels.
While other scenarios of incentivized contests involving matters like cellular OS botnets, ATM and point-of-sale (PoS) exploits, and bogus GPS signals have been noticed prior to in the cybercrime underground, the latest development is still another indication that criminals are progressively checking out slicing-edge approaches to support further their motives.
“The most important takeaway from the adversary side is that this variety of incentivized expertise-sharing bolsters the already interconnected and interdependent cybercrime underground by consolidating illicit sources in just one position and generating it simpler for like-minded criminals who want to pursue cryptocurrency hacks by providing them a platform to collaborate, examine and share strategies,” DeBolt stated.
“Conversely, the biggest takeaway from the defender facet is that we can take benefit of these open up contests, to gain an understanding of current and emerging methodologies and methods that we can get ready for. It illuminates matters for us and aids to degree the participating in field,” he extra.