On underground forums, cybercriminals are looking for new techniques to compromise cryptocurrency services.
Capture the Flag competitions, lectures and gamification in cybersecurity courses, designed to equip students with practical skills, are common in the white hat field. But contests are also launched by cybercriminals to create new offensive techniques.
$ 100,000 for the best research
Over the past month, according to Intel 471, Russian underground forum operators held a contest asking for articles on “how to target cryptocurrency-related technologies.”
As of April 20, the competition has aimed to bring together unorthodox methods, ranging from theft of private keys and wallets used to store cryptocurrencies, including bitcoin (BTC) and Ethereum (ETH), to software proposals from mining of “unusual” cryptocurrencies, including proposals for smart contracts and non-fungible tokens (NFTs).
According to the team, the proposals were accepted for 30 days, with the forum administrator claiming that prizes worth $ 100,000 would be awarded for “best” research – and an additional $ 15,000 was added to the prize pool. .
Trendy cryptocurrencies among cybercriminals
Some articles have been posted for forum users to evaluate, including ways to manipulate APIs used by cryptocurrency platforms, use of phishing sites to harvest keys and passphrases, etc.
Posting this type of information on underground forums is nothing new, and similar forums have started their own competitions in the past, on topics ranging from software vulnerabilities to ATM and point-of-sale attacks. (PoS).
However, this cryptocurrency-focused contest shows just how lucrative this theme is – despite, or perhaps because of, the volatility of certain coins – and not just because of the use of cryptocurrencies by ransomware operators.
Cryptocurrencies facing security concerns
A security researcher kept a significant vulnerability in Bitcoin Core secret for two years, which could be used to crash the main BTC blockchain, as well as Bcoin, Btcd and other similar blockchains. This vulnerability was quietly patched before another researcher stumbled upon the same issue and its existence was made public.
Other security issues related to cryptocurrencies and blockchains were identified this year: Akamai’s discovery of a botnet using BTC mining activities and blockchain in general as a method of concealment, and the use of zero vulnerabilities. -day from Microsoft Exchange Server in March to install underground cryptocurrency mining software on vulnerable machines.