Table of Contents
For the few past months, a top Russian-language underground forum has run a “contest” in which it is asking its community to submit unconventional ways of attacking cryptocurrency hacks
On April 20, 2021, the forum’s administrator invited members to submit papers giving insight into possible threats against cryptocurrency hacks
including theft of private keys and wallets and covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens.
Prize money of 5,000 will be awarded to the best research in the contest, which will run until September 1. Prize money is stated for the contestants to remain motivated.However, the culprits behind the competition will benefit the most if it is to work out. There has been a lot of talk about cryptocurrency these days, with famous billionaire Elon Musk consistently posting tweets regarding his take on cryptocurrencies.
Senior Vice President of Global Intelligence said:
“So far, the top candidates (according to forum member voting) include topics like generating a fake blockchain front-end website that captures sensitive information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining farms and botnets, and demonstrating a custom tool that parses logs for cryptocurrency artifacts from victim machines.”
Additionally, a phishing website offered the possibility of harvesting keys to cryptocurrency wallets and their seed phrases by manipulating APIs.
Since underground marketplaces like Hydra enable cybercriminals to cash out their cryptocurrency haul, methods allowing Ransomware-as-a-Service (RaaS) operators to force victims to pay their ransom demands are plausible. DeBolt points out that most entries to date deal with instructions on how to plunder cryptocurrency assets, which have very little immediate significance to RaaS cartels.
Other cybercrime underground contests have been held before, including those involving ATM and point-of-sale (PoS) exploits and fake GPS signals, but the latest development is yet another indication that criminals are increasingly leveraging cutting-edge techniques to further their objectives.
DeBolt explained takeaways for both sides
“From an adversarial perspective, the most important takeaway is that this type of incentivized information-sharing makes it easier for cybercriminals to access cryptocurrency hacks resources. By consolidating illicit resources in one place and allowing them to collaborate, discuss and share ideas. On the other hand, we, on the defensive side, can benefit from these open contests by gaining insight into current and emerging tactics and methodologies. It is illuminating for us, and it leveled the playing field for us.”