Eterbase Exchange, a popular Slovakian cryptocurrency exchange platform, was hacked by threat actors on September 8, 2020. Reportedly, $5.4 million worth of funds was stolen and transferred off the platform by the hackers, taking the security industry by storm.
Hackers usually target cryptocurrency firms, since crypto funds are much easier to access and transfer. With digital money exchange platforms thriving ever since the pandemic broke out, malicious activities by cybercriminals are on the rise in 2020.
According to security analysts and researchers, the cybercriminals hacked into the network system of Eterbase Exchange and plundered the hot wallets of the customers. Reportedly, six of the platform's hot wallets were looted by the cybercriminals.
These wallets held a range of cryptocurrencies, including Ether, Bitcoin, ALGO, Tezos, Ripple, and TRON. The wallets holding Ether were cumulatively worth $3.9 million.
The security breach made Eterbase put its exchanges into maintenance mode until the issue was completely resolved. Security officials of Eterbase Exchange took to Telegram to share updates on the attack and the threat response, and to assure users that they are working on damage repair around the clock to ensure restoration.
How was the Security Breach Perpetrated?
The investigation into the identity of the hackers and how the security breach happened is still ongoing. However, according to the information disclosed by security experts of Eterbase, the cybercriminals had hacked into the network system of the cryptocurrency platform.
Subsequently, they gained access to the hot wallets of the clients. Since hot wallets are connected to the internet, the hackers gained easy access to them while infiltrating the company’s website. They immediately began to transfer the stolen funds from the hot wallets to accounts on rival exchange platforms such as Binance, HitBTC, and Huobi.
However, security professionals of the platform wasted no time in initiating an effective threat response plan. After putting all exchanges on hold by setting their functionalities to maintenance mode, the professionals reported the cyberattack to law enforcement.
Authorities at Eterbase have made a public statement to assure their clients. They have reported that they are doing the needful to make sure that the amount their clients have deposited does not suffer any damage because of the cyber attack.
More details about the attack and the course of action of the cybercriminals will only be known after the ongoing investigation ends. Eterbase has also reached out to its rival exchange platforms, asking them to freeze the transferred funds, so that the threat actors can’t cash out their loot.
The Rising Number of Cyber Attacks on Crypto Firms in 2020
Unlike cold wallets, hot wallets are cryptocurrency wallets that are connected to the internet. A client of a crypto firm uses a hot wallet to hold their funds, trusting the platform with the responsibility of managing the wallet.
The public and private keys assigned to these hot wallets are also overseen by the platform itself. Therefore, the user depends completely on the platform’s security infrastructure to ensure no amount is lost.
However, while hot wallets are comparatively easier to set up, they are also much easier to gain access to. This is the reason why cybercriminals have shifted their focus to cryptocurrency firms. They search for exploitable vulnerabilities in the firms' systems to gain access to wallets and plunder their contents.
In our previous blog, we discussed how the North Korean hacker group, Lazarus, was shifting its target to cryptocurrency firms. Similarly, very recently an incident was reported where cybercriminals stole $25 million worth of cryptocurrency from Uniswap Exchange and the Lendf.me lending platform.
In the reported incident, cyber attackers yet again took advantage of a vulnerability concerning the ERC777 token standard on the Ethereum blockchain. Security experts have concluded that both attacks could have been carried out by the same hacker or hackers, as the same exploit, known as a “reentrancy attack”, was used in both cases.
99.95% of the funds, amounting to a whopping $24.5 million, was stolen from Lendf.me. Initially designed by the dForce Foundation, imBTC, an ERC-20 token, was stolen by the cybercriminals in the attack. Currently, it is run by Tokenlon.
Measures to Prevent Security Breach in Your Organization
To prevent security breaches and protect against the malicious activities of cybercriminals, it is imperative to make VAPT services a part of your organization’s security program. A Vulnerability Assessment and Penetration Testing program ensures that all your organization’s networks, applications, servers, Cloud, and IoT devices are secure by assessing all existing vulnerabilities in them.
VAPT works by conducting detailed research on the server or application, its features, and architecture, in consultation with the company’s development team or IT team. On the basis of the collected information, the security pen-testers implement a “Red Team” approach to simulate real-life cyberattacks.
To reduce the impact of the simulated attack, they schedule the simulation either in a dummy environment or during times of lowest network activity (lowest traffic). Subsequently, pen-testers run vulnerability scanners to search for the possible vulnerabilities that may be present in the platforms, APIs, technology framework, etc. This step is known as Vulnerability Assessment.
In the Penetration Testing phase, the cybersecurity pen-testers run exploits on the application, server, or network to evaluate their degree of security. They make use of custom scripts, open-source exploits, and in-house tools to achieve a high degree of penetration.
Finally, pen-testers generate concise and comprehensive reports on the vulnerabilities that have been revealed during the test. They provide the organization with detailed discussions on the nature of the vulnerabilities found, their impact, and threat level, and also give their recommendations on how to resolve them.
Keep Your Employees Cyber-aware
As an additional measure to ensure cybersecurity in your organization, CISOs, CIOs, and equivalents may also include security awareness and training programs as a part of their company’s security policy.
Employees are often considered to be the weakest link in an organization, because surveys conducted by security analysts worldwide disclose that 43% of employees are unaware of attack vectors.
Hence, a well-rounded cybersecurity awareness and training program will help spread awareness among them and educate them regarding attack response and prevention.