Hackers have compromised the social media accounts of crypto-currency platform Enigma, making off with around $500,000 in scam proceeds before the company took back control.
Enigma is prepping for a crypto-token sale on Sept. 11. Scenting an opportunity, enterprising hackers managed to alter the company’s website and sent out targeted spam emails asking interested parties to send funds for the sale immediately. Instead of buying tokens, of course, the money (in the virtual currency known as Ethereum) went into the criminals’ own wallets.
According to TechCrunch, the spam targeted 9,000 users who were on an Enigma mailing list. The gambit managed to take in enough of them to net around $500,000, the outlet reported—even though Enigma had previously said it wouldn’t collect funding until next month.
“Cryptocurrencies are one of the more lucrative targets for account hijackers,” Phil Tully, principal data scientist at ZeroFOX, told Infosecurity. “They’re decentralized, making it hard to recover any losses; they’re pseudonymous, making real-world attribution difficult; and they’re irreversible, rendering it impossible to recover losses after attacks like scams and ransomware delivery. For these reasons, among others, cryptocurrencies have blossomed into hackers’ and scammers’ preferred method of payment, especially in the realms of DDoS and ransomware.”
In the case of the Enigma breach, social channels like Slack provided access to a key demographic of digitally connected people who are most interested in getting into the booming crypto game, but who also lack the specialized expertise needed to tell a legitimate offer from an illegitimate one.
As for how the attackers gained access to Enigma’s accounts in the first place, “attackers compromised accounts through ‘credential stuffing,’ which relies on victims using weak or overlapping passwords among multiple digital accounts,” said Tully. “When attackers discover a password that was dumped as part of a previous third-party breach, they can pivot and try to use the same password or slight variations of it to log into a victim’s other associated digital accounts.”
To mitigate credential-stuffing attacks, Tully advised that users should always enable multi-factor authentication on all social and digital accounts; check whether their accounts have ever been compromised in a large-scale data breach by using a service like https://haveibeenpwned.com; be wary of too-good-to-be-true offers, especially when they involve sending cryptocurrency payments; and be vigilant when engaging with the social media accounts of legitimate cryptocurrency brokers or trading platforms, as they are frequently the victims of convincing impersonations.
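The credential-stuffing pattern Tully describes has a recognizable signature on the defender's side: a leaked password list is replayed against many different accounts, usually one or two attempts each, from a shared source, which looks quite different from a brute-force attack that hammers a single account. The following is an added example, not code from the article, from ZeroFOX or from Enigma, that runs that distinction over a handful of constructed authentication log lines and lists the accounts where a reused password actually worked, since those are the ones that need a forced reset and MFA enrolment. The log format, thresholds, IP addresses and usernames are all assumptions made for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample log (assumed format: "<ISO timestamp> LOGIN_OK|LOGIN_FAIL user=<name> src=<ip>").
# None of these addresses or accounts come from the article; they only exercise the detection logic.
SAMPLE_LOG = """\
2017-08-21T10:00:01Z LOGIN_FAIL user=alice src=203.0.113.7
2017-08-21T10:00:02Z LOGIN_FAIL user=bob src=203.0.113.7
2017-08-21T10:00:02Z LOGIN_FAIL user=carol src=203.0.113.7
2017-08-21T10:00:03Z LOGIN_OK user=dave src=203.0.113.7
2017-08-21T10:00:04Z LOGIN_FAIL user=erin src=203.0.113.7
2017-08-21T10:00:05Z LOGIN_FAIL user=frank src=203.0.113.7
2017-08-21T10:00:30Z LOGIN_FAIL user=admin src=198.51.100.9
2017-08-21T10:00:31Z LOGIN_FAIL user=admin src=198.51.100.9
2017-08-21T10:00:32Z LOGIN_FAIL user=admin src=198.51.100.9
2017-08-21T10:00:33Z LOGIN_FAIL user=admin src=198.51.100.9
2017-08-21T10:00:34Z LOGIN_FAIL user=admin src=198.51.100.9
2017-08-21T10:05:00Z LOGIN_OK user=grace src=192.0.2.44
2017-08-21T10:09:00Z LOGIN_FAIL user=grace src=192.0.2.44
2017-08-21T10:09:05Z LOGIN_OK user=grace src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<outcome>LOGIN_OK|LOGIN_FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)

# Assumed tuning values; real deployments calibrate these against their own traffic.
WINDOW = timedelta(minutes=5)
STUFFING_MIN_USERS = 5        # distinct accounts tried from one source inside WINDOW
STUFFING_MIN_FAIL_RATIO = 0.5 # most of those attempts fail (a shared NAT gateway mostly succeeds)
BRUTE_MIN_FAILS = 5           # failures against one account from one source inside WINDOW


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    ok: bool
    user: str
    src: str


def parse_auth_log(text):
    """Parse log lines in the assumed format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(AuthEvent(ts, m["outcome"] == "LOGIN_OK", m["user"], m["src"]))
    return events


def classify_sources(events, window=WINDOW):
    """Label each source IP as credential_stuffing, brute_force or benign.

    For every event we look at the window starting there and measure two things:
    how many distinct accounts were attempted (stuffing spreads across accounts)
    and how many failures hit any single account (brute force concentrates on one).
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    verdicts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        stuffing = False
        max_fails_one_user = 0
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e.ts - start.ts <= window]
            users = {e.user for e in in_window}
            fails_per_user = defaultdict(int)
            for e in in_window:
                if not e.ok:
                    fails_per_user[e.user] += 1
            total_fails = sum(fails_per_user.values())
            if len(users) >= STUFFING_MIN_USERS and total_fails / len(in_window) >= STUFFING_MIN_FAIL_RATIO:
                stuffing = True
            if fails_per_user:
                max_fails_one_user = max(max_fails_one_user, max(fails_per_user.values()))
        if stuffing:
            verdicts[src] = "credential_stuffing"
        elif max_fails_one_user >= BRUTE_MIN_FAILS:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "benign"
    return verdicts


def accounts_at_risk(events, verdicts):
    """Accounts that authenticated successfully from a stuffing source: the reused
    password worked there, so these need a forced reset and MFA enrolment."""
    return sorted({e.user for e in events if e.ok and verdicts.get(e.src) == "credential_stuffing"})


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    verdicts = classify_sources(evs)
    for src, verdict in sorted(verdicts.items()):
        print(f"{src:15} {verdict}")
    print("accounts needing reset + MFA:", accounts_at_risk(evs, verdicts))
```

The failure-ratio condition is what keeps a busy office gateway, where many different people log in successfully from one address, from being flagged as stuffing; the brute-force branch is kept separate because its response (lock or rate-limit one account) differs from the response to stuffing (reset and MFA for every account the source got into).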