价值超40万美元的BTC或失窃 多家交易所遭邮件钓鱼攻击

 邮箱网  0条评论  6393次浏览  2019年06月25日 星期二 09:15

分享到: 更多

中国邮箱网讯 6月25日消息 近日,多家数字货币交易所向慢雾安全团队反映,其收到了敲诈勒索信息

敲诈者向交易所发送邮件或Telegram消息称,交易所存在漏洞,一旦被攻击,将导致平台无法被打开。若要获取漏洞报告,需向指定的地址支付BTC。然而,多家交易所表示其支付BTC后,对方只发送了初步的漏洞报告或没有回应。

慢雾合伙人兼安全负责人海贼王向巴比特表示,

“目前已有5家交易所向我们反映了这种情况,敲诈者使用不同的邮箱或Telegram ID,向交易所的相关负责人发送敲诈邮件,敲诈金额为0.1BTC至2BTC不等,并且使用的是不同的BTC地址。”

截至发稿,据不完全统计,敲诈者的Telegram ID有@zed1331@bbz12@samzzcyber,邮箱有mikemich@protonmail.com,BTC地址有3GQQt2zJnPAWvirym7pbwvNTeM5igGuKxy,该地址入账约43.45个BTC(约40.41万美元),如下图。

WX20190618-131749

截图自Blockchain.com

1.海贼王向巴比特提供了诈骗邮件原文(如文末附录所示),邮件称,“交易所存在‘Web服务整型溢出’漏洞,一旦被攻击,将导致Web服务器崩溃,最终无法访问.....我们能解决此类漏洞问题......若要获取漏洞报告,需支付2个BTC至指定地址。”

值得注意的是,该邮件还指出,“截至2019年3月1日,已获得了约10万美元的赏金,打赏机构包括KuCoin、CoinSwitch、Phantasma、PlatonFinance、Vulnerability Analysis、 STEX Exchange、XCOYNZ Project等。”

海贼王向巴比特透露,在与KuCoin交易所的相关负责人取得联系后,负责人表示确实有Telegram用户反映漏洞问题(如下图),但KuCoin并未支付2BTC赏金,提醒大家不要相信骗子。

 

未命名文件

 

截图由KuCoin相关负责人提供

 

还有一类与Linkedin相关的钓鱼邮件,大致内容如下:

Hey, We have found a nefty integer overflow vulnerability on => https://www.xxx.com

Attacker could alter webserver. I have experience working to upgrade security for large exchanges,like xxx, and would like to propose about this.

May we go on to demonstrate this vuln?

You can verify me as an security researcher on LinkedIn as follows: =>https://www.linkedin.com/in/xxxxx/

海贼王分析称,

“邮件包含一个 Linkedin链接,因为在Linkedin 平台上需要登录个人账号才能查看个人信息,所以当交易所工作人员登录自己的 Linkedin 账号,去查看提交漏洞人员(可能是钓鱼攻击者)的 Linkedin 账号信息时,攻击者也能查看到交易所工作人员的信息,从而获取其社交平台的其他信息。”

2.近几年,数字货币市场的资金量呈现井喷式爆发,以交易市场操纵风险、交易平台风险、诈骗风险、钱包风险为主的安全风险屡见不鲜。

除了上述的邮件钓鱼攻击外,其他类型的钓鱼攻击包括域名钓鱼(使用与官网相似的网址)、Twitter 1 for 10(支付0.5-10ETH返利5-100ETH)、假APP和假工作人员等。

所谓“钓鱼攻击”,指的是攻击者伪装成可以信任的人或机构,通过电子邮件、通讯软件、社交媒体等方式,以获取收件人的用户名、密码、私钥等私密信息。

海贼王认为,此次邮件钓鱼攻击事件中,部分交易所之所以上当受骗,主要由于交易所缺少专业的安全漏洞判断能力,信息孤立导致其无法对当前漏洞的整体情况作出准确判断。他说,

“对于交易所来说,不管对方是不是真的发现了漏洞,只要价格合适,都愿意花钱赌一把。如果赌对了,那么交易所就能少一次被曝光漏洞的公关危机,或少一次平台被攻击的可能;如果赌亏了,亏的也不多,可以承受。骗子就是利用了交易所的这种心理。”

对于初次遭遇钓鱼攻击的交易所,他建议,

“首先,不要一激动就打开攻击者发送的内容里面的任何链接或者文件,可能有木马病毒;其次,在攻击者没有确切告知漏洞细节之前,不要转给攻击者BTC;最后,如果有交易所无法准确判断和独自处理,可以联系安全公司协助处理。 ”

附(钓鱼邮件原文):

It's more like an vulnerability which allows an attacker to crash the webserver of the following website. "Integer -overflow" related. The attack vector itself holds a huge security risk, when exploited, the webserver could crash due to it, and eventually be unreachable. The flaw has been done through exploitable web elements on your website.

Our proposal is based on information-security (infosec) regarding cybersecurity.

Confidentiality: assist infosec wisely to implement firewalls, intrusion detectors and prevention technologies to ensure reliable provided service. (not actual server access required.)

Availability: In order to ensure that I would have infosecurity on redundancy and backups, when/if one of the servers is down, the second server would replace it and ensure that the services are up and running without any downtime.

General knowledge => This type of attack as demonstraded are based on exploiting website elements: these can include forms, direct webserver exploit, or DNS leaking for the actual backend server, which gives an malicious attacker multiple chances to work with.

We'd address the required knowledge needed to counter this type of threats.

These following items listed below are our main focuses what we will send reports to regarding, next to every "to be addressed" phase;

We have added in a short meaning on what does it include as can be seen.

• The audit process 1.1 Audit planning & preparation 1.2 Establishing audit objectives 1.3 Performing the review 1.4 Issuing the review report

• The audit System 2.1 Networking Security 2.2 Backend Installation / Security 2.3 API Audition 2.4 CDN + Anti malicious attacks protection 2.5 Code Audit: checking vulnerability in any PHP / ASP / JS code

Vouches by companies:

[Make sure to check the provided link for vouch.]

1. KuCoin => { https://i.imgur.com/y0AXMCn.jpg ]

2. CoinSwitch => https://i.imgur.com/l8D8g9p.jpg ]

CoinSwitch Contract example => https://i.imgur.com/P2hMNxD.jpg

3. Phantasma => https://i.imgur.com/y1QCOuL.jpg ]

4. PlatonFinance => https://i.imgur.com/189Ejdz.jpg ]

5. Vulnerability Analysis (just an example)

=>https://i.imgur.com/V0C19KZ.jpg

and many more.

6. STEX Exchange paid 3 BTC for our infosec and analysis: => https://m.imgur.com/18tAXah

7. Proof of Kucoin Payment to us: https://i.imgur.com/trBbVKP.jpg

8. XCOYNZ Project: https://i.imgur.com/UbUliaI.jpg

Proof of compensations: Different companies which some included be seen in multiple vouches above, have rewarded me almost total of [$ 102,783.91 USD on 01/03/2019 rate for security related bounties, cybersecurity, demonstrations, and different VA reports.

Blockchain URL: => https://www.blockchain.com/btc/address/3GQQt2zJnPAWvirym7pbwvNTeM5igGuKxy

Pricing for the Infosec/Audit offered: => 2 BTC

To make it clear the price will be one-time payment and afterwards there won't be any charge. You can consult us further at anytime.

标签:钓鱼攻击交易所BTC

我的评论:

请  后发表评论。