Byline: Hannah Parker
Crypto assaults and hacks are rising as hackers use more advanced techniques to prey on unsuspecting victims. In the midst of crypto attacks, ‘Purple Drainer’, a well-known hacker group, has surfaced.
The group pretended to be crypto news journalists to conduct phishing operations against Twitter and Discord accounts, stealing around $3 million from nearly 2,000 victims. Atomic Wallet, a well-known cryptocurrency storage provider, also recently experienced a severe hack that resulted in losses of $35 million since losses on June 2, 2023. These worrying instances demonstrate the urgent need for increased security controls inside the cryptocurrency sector to safeguard users from the rising risks of cybercrime.
How do Crypto Hacks Happen?
Cybercriminals use highly sophisticated techniques to carry out crypto assaults and hacking incidents. Phishing is a popular tactic where attackers establish phoney websites or send phoney emails impersonating legitimate organisations, like cryptocurrency exchanges or wallet providers. The attack is aimed at duping users into revealing their login information or sensitive data, allowing the attacker to enter their crypto accounts.
Hackers can also obtain unauthorised access to Bitcoin wallets or platforms by taking advantage of flaws in software or smart contracts. To steal sensitive information or take over accounts, attackers may also use social engineering techniques, which involve psychological manipulation or impersonation of the victim.
Malicious software is often used in ransomware and malware attacks to infect systems, steal cryptocurrency holdings, and extort victims for money. These strategies emphasise the importance of a solid security posture, robust authentication procedures, looking out for dubious links and emails, and keeping software and systems updated to reduce the chance of crypto attacks or hacking.
Hackers use a variety of strategies to breach cryptocurrency systems and target them for attack. Here are a few typical techniques for crypto hacking:
- Phishing: Hackers impersonate trustworthy cryptocurrency exchanges and wallets by sending phoney emails or building duplicitous websites. Users who aren’t paying attention may unintentionally give out their login information or other sensitive data, giving hackers access to their accounts.
- Social engineering: Hackers who practice social engineering trick users into disclosing private information or taking activities that jeopardise their security. This may involve pretending to be reputable people or organisations to win the victim’s trust and obtain personal information.
- Malware and ransomware: Hackers create and disseminate harmful software that infects consumers’ devices, including ransomware. Once activated, the malware can hijack transactions and steal private keys and login passwords. Data from users may be encrypted by ransomware and held hostage until a Bitcoin ransom is paid.
- Vulnerabilities: Hackers use loopholes or vulnerabilities found in software, platforms, or smart contracts to obtain illegal access or influence transactions. This may include weak points in the coding, out-of-date software, or incorrect system setups.
- Insider attacks: In some situations, people who have legitimate permission to access cryptosystems (such as workers or contractors) may abuse their powers to jeopardise security or embezzle money. This might entail manipulating transactions, accessing private information, or exploiting security flaws.
- Brute force attacks: Hackers employ automated systems to repeatedly guess login information or secret keys by attempting many combinations, known as brute force attacks. This strategy makes use of keys and passwords that are weak or simple to guess.
- SIM swapping: Hackers can target victims’ mobile phone numbers by tricking telecom companies into transferring a customer’s mobile phone number to a device under their control. They can use this to access accounts connected to the phone number or intercept two-factor authentication (2FA) credentials.
- Supply chain attacks: Hackers prey on dependencies or third-party service providers utilised by Bitcoin initiatives. They can introduce malicious code or obtain unauthorised access to private data by undermining these reputable organisations.
Hackers Impersonate Crypto News Journalists and Steal $3 Million
The hacker group known as “Purple Drainer” has been using phishing attacks to pose as journalists to infiltrate Twitter and Discord accounts and steal cryptocurrency. According to ScamSniffer, an anti-scam platform, Purple Drainer was capable of accessing the accounts of 1,932 victims and stealing roughly $3 million in virtual wealth from the Mainnet, Arbitrum, BNB, Polygon, Optimism, and other blockchains. After taking $3,27,000 in NFTs from a single user, the scammer was apprehended by ScamSniffer’s on-chain tracking bots.
By phishing and using social engineering tactics, the group was able to win over their victims’ trust and drive them to websites where they can borrow Discord authentication tokens by informing them that they must complete a KYC (Know Your Customer) validation to complete their identification.
Instructing users to add bookmarks containing Unkind JavaScript code by dragging them to a “Drag Me” button on the Unkind website; these websites pose as Unkind bots like the Carl verification bot. From there, the attackers can take over accounts without knowing their victims’ login information or having access to their two-factor authentication codes by intercepting the codes or stealing Discord tokens.
To take complete control of the account, the attackers removed all other directors and replaced themselves as directors, giving them uninterrupted access to sensitive information and virtual wealth.
At the same time, Atomic Pockets, a mobile and desktop cryptocurrency wallet that enables users to store multiple cryptocurrencies, has had a security breach and lost over $35 million in cryptocurrency wealth within ten days..
According to cybersecurity researchers at Bitcoin Decode, around $35 million worth of Bitcoin has been stolen due to this vulnerability after he gathered transactions of various prices from Atomic Pockets victims.
The loss of $3 million from 1,932 victims by spoofing crypto hackers offers a sobering reminder of the pervasive threat posed by hacking and cybercrime in cryptocurrency. These occurrences highlight the necessity for stringent security controls and increased user awareness in the sector. Due to the sophisticated methods used by hackers, including phishing, social engineering, and vulnerability exploitation, it is crucial to confirm communication channels and use caution when disclosing personal information. Users must exercise caution, implement multi-factor authentication, follow secure password guidelines, and keep up with the most recent security threats to reduce these risks. To improve the ecosystem’s overall security, the crypto sector should strengthen its security architecture, conduct exhaustive audits, and promote cooperation. Users may better protect their digital assets and help create a safer crypto environment by taking preventative measures and fostering a culture of cybersecurity awareness.