Hackers Running a Cryptocurrency Hacks Contest to Find New Ways to Steal Your Money

The Hacker News reported on June 2 that a Russian-language forum on the dark web has been running a contest for the past month asking hackers to submit ideas for “unorthodox” cryptocurrency attacks. The promised prize is $115,000 for the winner. 

What is Going On?

On April 20, 2021, the forum’s administrator posted a notice inviting members to submit unique ideas. The Hacker News explained that the admin requested “papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens (NFTs).”

Security experts believe the contest will continue until about September 1, 2021, and then the best researcher with the most promising idea will be awarded the $115,000.

According to Intel 471’s Senior Vice President of Global Intelligence, Michael DeBolt,

“So far, the top candidates (according to forum member voting) include topics like generating a fake blockchain front-end website that captures sensitive information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining farms and botnets, and demonstrating a custom tool that parses logs for cryptocurrency artifacts from victim machines.”

Other promising ideas included manipulating APIs, obtaining cryptocurrency private keys to wallets, and creating a dedicated phishing website to steal credentials, wallet passwords, and their seed phrases.

Another Innovative Way to Commit Crimes

This is not the first contest to incentivize criminal activity. Some previous exploits included mobile OS botnets, ATM and point-of-sale (PoS) exploits, and fake GPS signals. 

DeBolt commented that 

“The biggest takeaway from the adversary side is that this type of incentivized knowledge-sharing bolsters the already interconnected and interdependent cybercrime underground by consolidating illicit resources in one place and making it easier for like-minded criminals who want to pursue cryptocurrency hacks by giving them a platform to collaborate, discuss and share ideas.”

He added that

“Conversely, the biggest takeaway from the defender side is that we can take advantage of these open contests, to gain an understanding of current and emerging methodologies and tactics that we can prepare for. It illuminates things for us and helps to level the playing field.”

What Can Be Done About It?

Cryptocurrency attacks have become a major player among cybercriminals. When successful, these types of attacks can yield a healthy bounty for very little intervention. Because cryptocurrency is impossible to track and considered very private, it makes bringing these criminals to justice extremely difficult. So, what can be done about it?

The U.S. intelligence agencies regularly monitor dark web forums, and operatives often pose as members, cyber thieves, and other criminals to infiltrate hacker groups and learn more about the power structure and operations. 

Dark web interactions are heavily guarded, and all transactions are encrypted for absolute secrecy, so the government cannot just install software to track the behavior of known criminals. The only way to make headway against thes  e and other types of attackers is to play the long game and infiltrate organized crime syndicates that operate on the dark web, learn all they can and then take action in the real world. 

The best we can hope for right now is that the weakest links in the chain of command will slip up and share information that allows law enforcement to identify these criminals so they can track them down and apprehend them, putting them away for good. 

In the meantime, we can only hope that no good ideas come from these contests and that cybercriminals have tapped out with any new techniques for gaining access to cryptocurrency wallets and user credentials.