A top Russian-language underground forum has been running a “contest” for the past month, calling on its community to submit “unorthodox” ways to conduct cryptocurrency attacks.
The forum’s administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens (NFTs).
The contest, which is likely to continue until September 1, will award a total of $115,000 in prize money to the best research.
“So far, the top candidates (according to forum member voting) include topics like generating a fake blockchain front-end website that captures sensitive information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining farms and botnets, and demonstrating a custom tool that parses logs for cryptocurrency artifacts from victim machines,” said Michael DeBolt, Intel 471’s Senior Vice President of Global Intelligence, in an email interview with The Hacker News.
Other entries looked at manipulating APIs from popular cryptocurrency-related services or decentralized-file technology to obtain private keys to cryptocurrency wallets as well as creating a phishing website that allowed criminals to harvest keys to cryptocurrency wallets and their seed phrases.
Given the crucial role played by underground marketplaces like Hydra in enabling cybercrime groups to cash out their cryptocurrency haul, it’s plausible that methods that permit Ransomware-as-a-Service (RaaS) operators to step up pressure on victims and force them to give in to their ransom demands could gain traction. But DeBolt noted that most entries so far have been about instructions or tools for plundering cryptocurrency assets, which are unlikely to be of any “immediate significant value” to RaaS cartels.
Although other instances of incentivized contests involving topics like mobile OS botnets, ATM and point-of-sale (PoS) exploits, and fake GPS signals have been observed before in the cybercrime underground, the latest development is yet another indication that criminals are increasingly exploring cutting-edge techniques to help further their motives.
“The biggest takeaway from the adversary side is that this type of incentivized knowledge-sharing bolsters the already interconnected and interdependent cybercrime underground by consolidating illicit resources in one place and making it easier for like-minded criminals who want to pursue cryptocurrency hacks by giving them a platform to collaborate, discuss and share ideas,” DeBolt said.
“Conversely, the biggest takeaway from the defender side is that we can take advantage of these open contests, to gain an understanding of current and emerging methodologies and tactics that we can prepare for. It illuminates things for us and helps to level the playing field,” he added.