A high Russian-language underground discussion board has been operating a “contest” for the previous month, calling on its group to submit “unorthodox” methods to conduct cryptocurrency assaults.
The discussion board’s administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the potential of focusing on cryptocurrency-related know-how, together with the theft of personal keys and wallets, along with protecting uncommon cryptocurrency mining software program, good contracts, and non-fungible tokens (NFTs).
The contest, which is prone to proceed until September 1, will see whole prize cash of $115,000 awarded to the very best analysis.
“Up to now, the highest candidates (in keeping with discussion board member voting) embody subjects like producing a pretend blockchain front-end web site that captures delicate info reminiscent of personal keys and balances, creating a brand new cryptocurrency blockchain from scratch, rising the hash charge velocity of mining farms and botnets, and demonstrating a customized software that parses logs for cryptocurrency artifacts from sufferer machines,” mentioned Michael DeBolt, Intel 471’s Senior Vice President of International Intelligence, in an electronic mail interview with The Hacker Information.
Different entries checked out manipulating APIs from fashionable cryptocurrency-related companies or decentralized-file know-how to acquire personal keys to cryptocurrency wallets in addition to making a phishing web site that allowed criminals to reap keys to cryptocurrency wallets and their seed phrases.
With underground marketplaces like Hydra enabling cybercrime teams to money out their cryptocurrency haul, submissions that might be of use to Ransomware-as-a-Service (RaaS) operators with a view to step up the stress and power their victims into heeding to their ransom calls for is prone to acquire enormous consideration. However DeBolt famous that the majority entries up to now have been about directions or instruments for tips on how to plunder cryptocurrency belongings, which isn’t probably going to be of “fast vital worth” to RaaS cartels.
Though different cases of incentivized contests involving subjects like cellular OS botnets, ATM and point-of-sale (PoS) exploits, and pretend GPS alerts have been noticed earlier than within the cybercrime underground, the event is yet one more indication that criminals are more and more exploring cutting-edge methods to satisfy their monetary motives.
“The largest takeaway from the adversary aspect is that this sort of incentivized knowledge-sharing bolsters the already interconnected and interdependent cybercrime underground by consolidating illicit assets in a single place and making it simpler for like-minded criminals who wish to pursue cryptocurrency hacks by giving them a platform to collaborate, focus on and share concepts,” DeBolt mentioned.
“Conversely, the most important takeaway from the defender aspect is that we are able to make the most of these open contests, to achieve an understanding of present and rising methodologies and ways that we are able to put together for. It illuminates issues for us and helps to stage the enjoying subject,” he added.