A top Russian-language underground forum has been running a “contest” for the past month, calling on its community to submit “unorthodox” ways to conduct cryptocurrency attacks.

The forum’s administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and wallets, in addition to covering unusual cryptocurrency mining software, smart contracts, and non-fungible tokens (NFTs).

The contest, which is likely to continue till September 1, will see total prize money of $115,000 awarded to the best research.

“So far, the top candidates (according to forum member voting) include topics like generating a fake blockchain front-end website that captures sensitive information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate speed of mining farms and botnets, and demonstrating a custom tool that parses logs for cryptocurrency artifacts from victim machines,” said Michael DeBolt, Intel 471’s Senior Vice President of Global Intelligence, in an email interview with The Hacker News.

Other entries looked at manipulating APIs from popular cryptocurrency-related services or decentralized-file technology to obtain private keys to cryptocurrency wallets, as well as creating a phishing website that allowed criminals to harvest keys to cryptocurrency wallets and their seed phrases.

With underground marketplaces like Hydra enabling cybercrime groups to cash out their cryptocurrency haul, submissions that could help Ransomware-as-a-Service (RaaS) operators step up the pressure and force their victims into heeding their ransom demands are likely to gain huge attention. But DeBolt noted that most entries so far have been instructions or tools for plundering cryptocurrency assets, which are not likely to be of “immediate significant value” to RaaS cartels.

Although other instances of incentivized contests involving topics like mobile OS botnets, ATM and point-of-sale (PoS) exploits, and fake GPS signals have been observed before in the cybercrime underground, the development is yet another indication that criminals are increasingly exploring cutting-edge techniques to meet their financial motives.

“The biggest takeaway from the adversary side is that this type of incentivized knowledge-sharing bolsters the already interconnected and interdependent cybercrime underground by consolidating illicit resources in one place and making it easier for like-minded criminals who want to pursue cryptocurrency hacks by giving them a platform to collaborate, discuss and share ideas,” DeBolt said.

“Conversely, the biggest takeaway from the defender side is that we can take advantage of these open contests, to gain an understanding of current and emerging methodologies and tactics that we can prepare for. It illuminates things for us and helps to level the playing field,” he added.