Why pay attention to crypto heists during Black Friday, Cyber Monday, and beyond? Cryptocurrency is fundamental and could be your most important asset soon.

A theft of 230 million US dollars in cash, credit cards, artwork, and jewels is far more common and easier to understand than a crypto heist or scam. A 230 million crypto theft is challenging to comprehend, and explaining it is far more confusing for most people, including law enforcement and the legal system.

By stealing 230 million US dollars in crypto, Lam and Serrano executed one of the largest cryptocurrency thefts in history. While $230 million is a large number, it represents only 4100 coins in the bitcoin world.

The rising dollar value of these coins is likely to draw more thieves to this realm.

The story behind the Lam Serrano crypto heist shows a new and very challenging crime that most people still struggle to figure out. Specifically, there was an impersonation of a Google employee, an actual theft of cryptocurrency, and digital money laundering on a global scale in a completely unregulated enterprise.

Sound like another day in the world of crime? Sadly, this is the future.

What is a Crypto Heist?

As in any other cybersecurity attack, hackers look for vulnerabilities within the infrastructure, applications, mobile devices, and username and password credentials. Crypto heists are extremely similar.

Hackers will target blockchain infrastructures, attempt to hack into the ledgers, look for vulnerabilities within mobile devices housing the crypto wallets, and try to hijack the mining process.

As with business email compromise and corporate officer impersonations, hackers will also use social engineering and email phishing to coerce their victims into disclosing the secret keys to their crypto wallets.

Lam Serrano Crypto Heist: The Story Behind the $230M Bitcoin Theft

Crypto Heists News and Rising Crime: What Are Top Crypto Heists in 2024?

Medical records theft and identity theft are better known to the public than crypto heists.

Here are some examples of crypto heists in recent years:

The Lam Serrano Heist

20-year-old Malone Lam and 21-year-old Jeandiel Serrano fraudulently acquired over 4100 bitcoins worth $230 million. These crypto hackers got their victims to give access to their crypto wallets and secretly transferred the bitcoins to wallets they controlled.

The hackers attempted to launder the stolen bitcoins through lavish spending: purchasing luxury cars, traveling internationally, renting high-end houses, and buying watches and other expensive items while living luxurious lifestyles.

Bitcoin continues to be accepted for many high-end transactions and extends the ability of its owners to hide it from law enforcement and tax authorities, at least for now.

The Ronin Network

Hackers stole over half a billion dollars of Bitcoin or Ethereum from the Ronin Network, a blockchain supporting a token-based video game. This made it the largest Bitcoin heist of 2022. Hackers successfully compromised the nodes that handled all transactions within this global game, in which players purchase and earn tokens. Even within the gaming realm, money laundering is a global problem for law enforcement. Adding in bitcoin transfers between gamers makes tracking the asset even more complicated.

Law enforcement officials specializing in Bitcoin theft attacks believe this attack originated with a hacker group embedded within North Korea.

The North Korea hacking team initially targeted Sky Mavis employees through LinkedIn. Their goal was to have their engineers apply for a role at Sky Mavis, extending access into the various cryptosystems by handling the tokens and compromising five out of nine miners or validators. Because of the social engineering attack, the hacker team successfully hijacked the validators and secret keys, compromising the entire token-handling platform.

Atomic Wallet Hack: 2023

North Korea's cyber crypto hackers have stolen nearly 2 billion dollars in cyber currencies over a 30-plus-year period and laundered the funds through cryptocurrency exchanges.

In 2023, North Korean hackers focused their efforts on Atomic Wallet users, resulting in a 100 million cryptocurrency breach affecting around 4,100 victims. As in traditional cyberattacks, the North Korean hackers started this crypto heist with email phishing and then launched a malware attack against Atomic Wallet's supply chain.

The hackers successfully stole several cryptocurrencies, including Ethereum, Tron, Bitcoin, XRP, DOGE, and Litecoin. After the initial breach, the North Korean hackers quickly funneled the stolen crypto through a series of complex connections across several centralized exchanges, landing funds within several compromised wallets.

This complex hack uncovered vulnerabilities within some blockchain cross-chain ecosystems.

The Role of Social Engineering in Crypto Heists

As in common cyberattacks involving email phishing, social engineering plays a significant part in crypto scams. Most crypto heists start with some form of social engineering where hackers will troll LinkedIn, Facebook, and other media platforms, looking for people who promote themselves as "crypto global players." Hackers will use AI and ML to create well-crafted emails, texts, and deepfake voicemails that impersonate someone within the target's inner circle.

Social engineering is extremely effective in cryptocurrency because most players use anonymous names and often operate within the dark web or underground digital communities. Compromising a victim is easy if the hacker can impersonate someone that the victim knows or trusts.

Social Engineering With the Lam Serrano Heist

By leveraging social engineering, Lam and Serrano identified their victim through social media posts.

Much of the Lam Serrano case involved targeting someone considered a high-level player within the Bitcoin world. They used well-crafted communications, posing as Google and Gemini support engineers, to gain access to a cloud drive that contained the victims' secret keys to their digital wallets. Lam and Serrano successfully compromised the multifactor authentication (MFA) and transferred the keys from Gemini to a compromised crypto wallet.

North Korean Fake Job

North Korean hackers leveraged social engineering techniques, including creating false job postings, hoping to lure someone currently employed at a crypto exchange, in security operations, in application development, or in creating digital wallets. The job posting document resembled a PDF file but was loaded with malware. This malicious file would load on the victim's device, extending access to the North Korean hackers.

Psychological Reasons Behind Individuals Getting Trapped in Crypto Heist Scams

People buying and selling Bitcoin and other cryptocurrencies see themselves as different from your average traders. While regular investors still focus on stocks, bonds, ETFs, and IPOs, crypto traders love the element of danger, risk, and rewards of buying and leveraging an asset well beyond almost everyone's comprehension.

Greed plays a huge part in crypto. Spend 20 years running around with a fully loaded digital wallet buying high-end cars with dealerships that see the return on acquiring a bitcoin go up well after the car is sold. That could be the new economy for the auto industry.

Ego also plays a huge part within the crypto realm. People trading in crypto are only satisfied if they become billionaires. Being a millionaire in the crypto world is simply a day's work.

Many fall for crypto scams because they desire to become billionaires with just a few clicks. Hackers follow these players through their social media postings, showing off their fancy sports cars, a yacht full of beautiful people, or videoing themselves purchasing Rolex watches for their crew.

Hackers prey on their victims' egos, offering triple returns on Bitcoin. The victims always look for ways to increase their digital wallets while maintaining their growing lust to be a global player, and they will quickly transfer funds to the scammer.

Fear of Missing Out? Ask Tom Brady

Hackers, using the herd mentality, also lure people who are alone, offering them a chance to become "insiders" into the secret world of crypto. Ultimately, victims globally lose their investment capital without hope of recovering even a single dime.

Like many celebrities, Super Bowl champion Tom Brady invested heavily in crypto and lost $30M in the collapse of FTX, where he served as an ambassador. Scammers like FTX lure millionaire business people, sports figures, and politicians into investing in their firms.

People witnessed their sports heroes wanting to be part of the crypto world and invested their money, only to see their money lost in scandal and fraud.

Trust and Authority

Feeling like you are above the law entices people to break it. Compared to more traditional investments, crypto is a challenging asset to track. The digital wallet's ID helps shield the identity of the asset's valid owner. This gives the bitcoin or cryptocurrency owner a feeling of invisibility. With this feeling, crypto owners become huge risk-takers, using this newfound wealth to purchase cars and boats, rent houses, and pay for extravagant parties.

As more high-end businesses on a global scale continue to accept bitcoin, this also entices hackers to devise clever ways to launder stolen bitcoin.

Law enforcement has slowly caught up with blockchain, digital currency, and crypto laundering. Law enforcement has often successfully recovered stolen crypto by tracing it through various exchanges for illicit transfers.

Social Proof and Peer Pressure

Crypto social circles are smaller than regular Facebook groups, X, or Instagram. Yet, ego plays a huge role in this very tight social group. Globally, players flaunt their wealth, and less successful traders wanting to become an "Alpha" will be more inclined to take more risks and become far more open to becoming victims of fraud.

Hackers troll crypto social circles, looking for victims who follow the major players. They then approach them with the ideal crypto investment guaranteed to make them the top trader in their social world.

Cognitive Biases and Heuristics

Cognitive biases regarding how and when investors should invest play a strong role in crypto trading. Crypto trading is filled with flaws, potholes, and false information. Yet, people want others to continue investing their money into something most do not know about.

Some investors will seek advice from others before purchasing Bitcoin or other cryptocurrencies. Confirmation bias occurs when people seek advice from others to confirm their pre-existing beliefs about whether to buy Bitcoin. Hackers leveraging email phishing pose as "experts" in crypto, and victims fall for these social engineering tactics. Hackers will prey on the victim's lack of knowledge while stroking their ego with, "Come on, everyone else is becoming a billionaire!"

Cybersecurity Measures to Protect Against Crypto Heists

Cybersecurity plays a vital role in protecting crypto assets. Similar to enterprise security measures and individual security settings, here is a list of proven adaptive controls all individuals need to enable to protect their current assets:

  • Strong and Unique Passwords: Creating passwords with complex schemes is critical in protecting digital files containing information and access to crypto keys and details.
  • Two-factor authentication (2FA): 2FA, including biometrics on the device and online, is essential in keeping hackers from accessing the digital wallet and keys.
  • Hardware Wallets: As more software-based crypto wallets become compromised, global crypto players leverage purposely designed hardware wallets to store their currencies. Hardware wallets are far more challenging to crack than a software-only version.
  • Secure Software and Updates: As in the enterprise IT world, patching and updating devices' operating systems, applications, and endpoint security tools is critical in protecting software-based digital wallets.
  • Phishing Awareness: Phishing and social engineering work together to lure victims into Bitcoin heists and compromise wallets. Individuals should invest an hour in a learning course on understanding phishing to quickly identify a lure.
  • Secure Networks: Avoid public Wi-Fi and use a VPN to hide identity. Leveraging a VPN on a device anywhere worldwide is critical for individuals wanting to protect their digital wallets from hackers. Use VPN clients for all Wi-Fi access, whether at airports, coffee shops, or at home. This secure connection helps hide the device's IP address location, which is critical for stopping cyberattacks.
  • Company Cybersecurity Protection for Crypto Access and Infrastructure: Crypto hosting service providers, bitcoin exchanges, and corporations investing in crypto need to increase their cybersecurity protection layers to accommodate a new generation of crypto-savvy hackers.

Here are some critical controls all organizations and service providers need to implement, monitor, and sustain:

  • Implement Firewalls
  • Network Perimeter Security, including an extended detection and response (XDR) system and host-based intrusion detection.
  • Employee training and education on cybersecurity best practices, including identifying phishing scams and social engineering.
  • Secure all on-premise and cloud-based storage repositories.
  • Implement zero trust with SASE for cloud-based centralized authentication.
  • Execute frequent vulnerability assessments, audits, and penetration tests leveraging third-party firms.
  • Update the incident response plan to include full automation powered by AI, along with playback and compliance reporting.
  • Engage managed security providers, including Sangfor managed detection and response (MDR) services, to assist with 24x7 coverage of all security events, threat monitoring, and remediation capabilities.

Conclusion 

Cryptocurrency is here to stay. Eventually, employers could pay employees in bitcoin instead of regular currencies. Learning to protect your crypto assets starts with being aware of hackers' intent. These hackers also target your place of employment, your friends within your social media platforms, and your personal and corporate information.

Are you concerned about your current cybersecurity readiness regarding protecting crypto assets?

Contact the team at Sangfor for an initial consultation and assessment today!
