As the number of digital currency users continues to grow, cryptocurrency hackers are shifting their focus toward these individuals, making “security hygiene” an absolute necessity, says Binance’s Jimmy Su.
The darkest recesses of the internet are home to a highly structured network of hackers who specifically target cryptocurrency users with inadequate “security hygiene”, according to Jimmy Su, Binance’s leading security official.
In an interview with Cointelegraph, Su described a recent shift among hackers toward targeting crypto end-users.
Recalling Binance’s early days after its launch in July 2017, Su said that attempts to infiltrate the exchange’s internal network were commonplace. However, as crypto exchanges have strengthened their security measures, hackers have adjusted their strategies.
“Hackers consistently exploit the path of least resistance, as they too view this as a business venture. Their operations resemble a well-oiled machine,” Su noted.
According to him, this sophisticated network consists of four distinct segments: data collectors, information refiners, actual hackers, and money launderers.
Data Collection
The first step, which Su calls “threat intelligence”, involves the illicit collection and compilation of information about crypto users, including browsing habits, preferred crypto sites, email addresses, names, and social media presence.
“There’s a thriving market on the dark web for this type of information, providing detailed user profiles,” Su clarified in a May interview.
He mentioned that this information is often collected en masse from past data breaches or from compromised vendors and platforms.
Earlier this year, a research paper from Privacy Affairs disclosed that hacked crypto accounts are available for purchase at rock-bottom prices, starting from merely $30. Fake documents, often used to set up accounts on crypto trading platforms, are also for sale on the dark web.
Data Refinement
The collected data is then sold to the next group — typically data engineers who specialize in refining this information.
Su mentioned a case where a dataset of Twitter users was further analyzed to pinpoint those with an interest in crypto.
These engineers use scripts and automated bots to deduce which exchanges a user might be registered with. They do this by attempting to create an account using the user’s email. If the attempt results in an error saying the address is already in use, they know the user is registered with that exchange. This information can be used for highly targeted scams, Su added.
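The “already in use” error described above is an enumeration oracle that an exchange can close on its side. The sketch below is an added example, not code from the interview or from any exchange; the handler names, the in-memory stores and the sample address are constructed for illustration. It puts a signup handler that leaks registration status beside one that answers every address identically and moves the real outcome into an email only the mailbox owner can read.

```python
import secrets

# Constructed sample state (assumption): one registered address, an in-memory
# mail queue, and a table of pending confirmation tokens.
REGISTERED = {"tommy@example.com"}
OUTBOX = []    # (recipient, message) pairs; visible only to the mailbox owner
PENDING = {}   # confirmation token -> address awaiting confirmation

def register_leaky(email):
    """Signup as described in the article: the response reveals registration."""
    addr = email.strip().lower()
    if addr in REGISTERED:
        return 409, "This email address is already in use."
    REGISTERED.add(addr)
    return 201, "Account created."

GENERIC = (202, "Check your inbox to continue.")

def register_uniform(email):
    """Same status and body for every address; the outcome travels by email."""
    addr = email.strip().lower()
    if addr in REGISTERED:
        # Tell the real owner someone tried to sign up with their address.
        OUTBOX.append((addr, "A signup was attempted with your address. "
                             "If this was you, sign in or reset your password."))
    else:
        # Create nothing until the mailbox owner confirms.
        token = secrets.token_urlsafe(32)
        PENDING[token] = addr
        OUTBOX.append((addr, f"Confirm your new account with token {token}"))
    # Caveat: queue mail asynchronously so response time matches on both paths.
    return GENERIC

def is_oracle(handler, known, unknown):
    """True if the caller-visible response differs between the two addresses."""
    return handler(known) != handler(unknown)

if __name__ == "__main__":
    print("leaky handler is an oracle:",
          is_oracle(register_leaky, "tommy@example.com", "new1@example.com"))
    print("uniform handler is an oracle:",
          is_oracle(register_uniform, "tommy@example.com", "new2@example.com"))
```

The same uniform-response rule applies to login and password-reset forms, which can leak registration status in the same way.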
Hackers and Scammers
The third tier consists of the actual offenders: phishing scammers or hackers who use the refined data for targeted phishing attacks.
“Armed with the knowledge that ‘Tommy’ uses exchange ‘X’, they can send an SMS saying, ‘Hey Tommy, we detected a withdrawal of $5,000 from your account; please click this link and reach customer service if this wasn’t you.’”
Trezor, a hardware wallet provider, alerted its users about a phishing scam in March designed to rob investors by tricking them into entering their wallet’s recovery phrase on a counterfeit Trezor website.
The attackers, masquerading as Trezor, contacted victims via phone calls, texts, or emails, alleging a security breach or suspicious activity on their Trezor account.
Successful Heist
After acquiring the funds, the last challenge for these offenders is to evade detection. This can involve leaving the stolen assets untouched for years before moving them to a crypto mixer like Tornado Cash.
“There are syndicates that patiently sit on their stolen profits for two to three years without any movement,” Su added.
While completely eradicating crypto hackers might not be feasible, Su strongly recommends that crypto users exercise better “security hygiene.”
This could mean revoking permissions for decentralized finance projects that are no longer in use, or ensuring that communication channels, such as the email or SMS used for two-factor authentication, are kept strictly confidential. One could also consider keeping separate email accounts for financial and personal use and refraining from sharing details about cryptocurrency holdings on social media platforms. It’s crucial to remember that maintaining a robust line of defense is as important as investing wisely in the volatile world of cryptocurrencies.
Taking extra precautions to keep your online activities secure from prying eyes, such as regularly updating software, employing strong, unique passwords, and using trusted security software, can further strengthen your defense against these threats. Ultimately, in the fast-paced crypto universe, staying informed and cautious is your best safeguard against becoming an easy target for darknet syndicates.