Methodology of Crypto Exchange Hackers

Security Researchers Explain Methodology of Crypto Exchange Hackers

Security researchers who convened at the Black Hat virtual conference reported on how the notorious group CryptoCore was able to hack $200 million worth of crypto money. The heist, as reported by Cointelegraph last June 2020, saw several crypto exchanges operating across the globe lose cryptocurrencies to cyber attacks perpetrated by way of a phishing campaign that lasted for two years.

The report revealed how crypto exchanges become vulnerable to hackers despite claims of having high privacy and tight security measures in place to protect their funds. Researchers enumerated three methodologies that allowed hackers to succeed in attacking five crypto exchanges in Japan, the Middle East and the U.S. Omer Shlomovits, cofounder of KZen Networks, and Aumasson, a cryptographer, categorized the attacks as:

1) Insider attack or inside job
2) Exploitation of a relationship between a crypto exchange and a customer
3) Partial extraction of secret keys

According to the report, the approach was similar to breaking open a conventional bank vault by turning six keys all at the same time, which means the hackers had to dissect private keys into smaller pieces in preparation for their cyber heist.

Insider Attack or Inside Job

An insider explores and exploits a vulnerability in the cryptocurrency exchange's open-source library. Using the refresh mechanism, an inside attacker who is also a key holder initiates a refresh, then manipulates the process so that some keys are altered while others are retained. The manipulation causes a denial of service that permanently locks the cryptocurrency exchange out of its own digital funds.

Another way an inside attacker launches an incursion is to figure out private keys generated by exchange customers when multiple key refreshes are initiated. This enables the inside attacker to carry out the theft by manipulating exchange processes using false validation statements.
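The lock-out described above comes from key holders ending up on different refresh epochs. The following sketch is an added example, not code from the researchers or from any exchange library: it assumes simple additive sharing in a toy group, and all function names are hypothetical. It shows why old shares should be kept until the refreshed set is verified against the unchanged public key.

```python
import secrets

# Toy parameters, assumed for illustration; real wallets use elliptic curves.
P = 2**127 - 1      # prime modulus
Q = P - 1           # exponents are reduced modulo P - 1
G = 3

def split(secret, n):
    """Split `secret` into n additive shares (all n are needed to sign)."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    return shares + [(secret - sum(shares)) % Q]

def refresh_deltas(n):
    """Zero-sum offsets: they re-randomize every share but not the key."""
    deltas = [secrets.randbelow(Q) for _ in range(n - 1)]
    return deltas + [-sum(deltas) % Q]

def commitment(share):
    """Public value g^share. Hiding the share needs a secure group;
    this toy group is not one."""
    return pow(G, share, P)

def shares_match_key(commitments, public_key):
    """True when the commitments multiply to the wallet's public key."""
    product = 1
    for c in commitments:
        product = product * c % P
    return product == public_key

def mixed_epoch(old, deltas, applied):
    """Shares held when only the parties flagged in `applied` refreshed."""
    return [(s + d) % Q if a else s for s, d, a in zip(old, deltas, applied)]

def safe_refresh(old, deltas, published, public_key):
    """Change epoch only if every party published a commitment to its new
    share and the commitments still multiply to the public key."""
    if None in published or not shares_match_key(published, public_key):
        return old, False      # keep the old shares: funds stay spendable
    return [(s + d) % Q for s, d in zip(old, deltas)], True

if __name__ == "__main__":
    key = secrets.randbelow(Q)                 # constructed sample key
    pub, old = pow(G, key, P), split(key, 3)
    deltas = refresh_deltas(3)
    held = [commitment(s) for s in mixed_epoch(old, deltas, [True, True, False])]
    print("mixed epochs match key:", shares_match_key(held, pub))
    print("guarded refresh accepted:", safe_refresh(old, deltas, held, pub)[1])
```

If parties delete their old shares before this check passes, a mixed-epoch state leaves no set of shares that reconstructs the key.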

Exploitation of Relationship between Crypto Exchange and Customer

Shlomovits and Aumasson said attacks could occur once the insider becomes a trusted party in a crypto exchange, for which they receive their portions of the key. Any of the trusted parties with malicious intent can generate random numbers that are up for public verification. However, the researchers found that in the case of Binance, the site skipped the checking of random values generated by trusted parties.

Extraction of Secret Keys

Malicious trusted parties use the unvalidated values in sending constructed messages to other users, who in turn assign the unvalidated information. Exchange users who use multiple key refreshes become the targets of the malicious trusted parties, who aim to extract private keys to use in launching the cyber hack.

Posted by Madelina Feliks in Cryptocurrency