Wednesday, September 27, 2023

Darknet Hacker Groups Exploit Weak Security to Steal Crypto: Binance CSO

Binance security chief Jimmy Su, in an interview with an online news site, warned crypto users about hackers who target people with poor security hygiene. The CSO said a group of organized dark web hackers lurk in the shadows and try to exploit the slightest security weakness to loot users’ crypto assets.

In the interview, Su noted that Binance saw many hacking attempts on its network in the early years. But these hackers have shifted their focus from crypto companies to end users.

Su Breaks Down the Layers in the Hacker Ecosystem

Phishing scams have become common in the crypto space. In February, Trezor, a hardware wallet provider, warned users of a phishing scam designed by criminals to steal investors’ funds. The fraudsters trick users into entering the wallet reset phrase on a fake Trezor website.

Binance CSO Jimmy Su stated that the hacker community is well-established and operates in four layers: intelligence gathering, data refiners, hackers and money launderers.

The data collector is the first layer of the hacker community, which Su described as “threat intelligence.” Here cybercriminals and bad actors collect and compile illegally obtained information about crypto users.

They create spreadsheets with information about different users. The information may include crypto-related websites the user visits, their email addresses, names and social media profiles.

As Su explained, there is a market for selling this ill-gotten user information on the dark web. An April 24 essay by data security provider Privacy Affairs revealed that cybercriminals are selling ill-gotten user account information on the dark web.

Crypto market cap chart
The crypto market cap is currently at $1,149 on the daily chart. | Source: TOTAL chart from TradingView.com

Another group, data engineers specializing in data refinement, buys the ill-gotten user data. According to Su, this group analyzes the data set and picks out the crypto-related records. These engineers use scripts and bots to determine which exchange the crypto enthusiast is using.

They do this by trying to create an account with the user’s email address. The criminals will know if the user is registered with the exchange if they receive an error message saying that the email address is already in use.
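The check described above works only when the sign-up response differs for registered and unregistered addresses. As an added example (not from the article or from any exchange's code), this Python example puts that weak response beside a uniform one and flags sources that submit many different addresses; every name, threshold and log entry in it is a constructed assumption.

```python
from collections import defaultdict

USERS = {"tommy@example.com"}   # constructed account store
OUTBOX = []                     # stands in for the outbound mail queue
GENERIC = (202, "If this address can be used, a confirmation link has been emailed.")

def register_leaky(email):
    """Weak form: the response itself reveals whether the address is registered."""
    if email.lower() in USERS:
        return (409, "Email address is already in use.")
    return (201, "Account created.")

def register_uniform(email):
    """Hardened form: identical response either way. The difference is told
    only to the mailbox owner, out of band."""
    email = email.lower()
    if email in USERS:
        OUTBOX.append((email, "Someone tried to sign up with your address. "
                              "If it was not you, no action is needed."))
    else:
        OUTBOX.append((email, "Confirm your address to finish creating the account."))
    return GENERIC

def flag_enumeration(attempts, max_distinct=3):
    """Detection: return source IPs that submitted more than `max_distinct`
    different email addresses to the sign-up endpoint."""
    seen = defaultdict(set)
    for ip, email in attempts:
        seen[ip].add(email.lower())
    return sorted(ip for ip, emails in seen.items() if len(emails) > max_distinct)

# Constructed sign-up log: (source IP, submitted email)
SAMPLE_ATTEMPTS = [("203.0.113.7", f"user{i}@example.com") for i in range(5)] + [
    ("198.51.100.2", "alice@example.com"),
    ("198.51.100.2", "alice@example.com"),   # a user retrying is not flagged
]

if __name__ == "__main__":
    print(register_leaky("tommy@example.com"), register_leaky("new@example.com"))
    print(register_uniform("tommy@example.com") == register_uniform("new@example.com"))
    print(flag_enumeration(SAMPLE_ATTEMPTS))
```

Response time should also be kept similar on both paths, since a measurable delay on one of them gives away the same answer as the error message.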

The next layer is the phishing scammers or hackers who take refined data to create targeted phishing attacks. “Since they now know that Tommy is an Exchange X user, they can just send an SMS saying, ‘Hey Tommy, we detected that someone withdrew $5,000 from your account; please click this link and reach customer service if it wasn’t you,’” Su said.

The last step after stealing the money is to find an escape route to avoid being penalized for the theft. According to Su, the hackers could leave looted funds dormant for years before moving them to crypto mixers like Tornado Cash.

“There are groups we know that can sit on their stolen profits for two, three years without any movement,” Su said.

While there aren’t many measures to stop hackers, Su advises users to practice better “security hygiene” to protect their data from fraudsters.

Featured image from Pixabay and chart from TradingView.com
