Amongst the negative stories that appear in the cryptocurrency news cycle, one of the most common types concerns attacks by bad actors on either institutions or individuals. Sometimes a combination of the two.
Targeted attacks have been prominent in the news recently, such as those undertaken by the North Korea-linked Lazarus group against South Korean cryptocurrency exchanges and investors. Today, however, we are going to look specifically at one type of attack that falls into the semi-targeted category: malware delivered through phishing sites that imitate a service the victims already use.
One of the more recent and notable examples of this was the Cryptohopper malware attack, which occurred a year ago, in June 2019.
The Cryptohopper Malware Attack of 2019
In June last year, cryptocurrency trading bot service Cryptohopper issued a public warning about a phishing campaign in which bad actors imitated the brand's official website and web platform, attempting both to infect visitors with cryptocurrency-targeting malware and to lure them into entering the login credentials for their accounts.
The statement warned users to check the URL whenever they believe they are accessing an official Cryptohopper resource, because the imitation sites used lookalike domains: misspelled, homoglyph-substituted, or otherwise suspiciously similar names.
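The URL check the warning asks users to perform can be automated. The following is an added example, not code from the original article or from Cryptohopper: it takes the official host as cryptohopper.com (an assumption made here, since the article does not print the domain), extracts the hostname from a URL, and classifies it as official, a homoglyph lookalike (0 for o, 1 for l, and so on), a typosquat within a small edit distance, or a foreign domain that merely embeds the brand name. All the lookalike URLs in it are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed official hosts; the article only says "check the URL", so the
# concrete domain is an assumption of this example, not a quote from it.
OFFICIAL_HOSTS = {"cryptohopper.com", "www.cryptohopper.com"}
BRAND = "cryptohopper"

# Visually confusable substitutions commonly used in typosquatting.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise_homoglyphs(label: str) -> str:
    """Map look-alike characters back to the letters they imitate."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Naive (no Public Suffix List), but enough
    for the .com / .xyz samples used here."""
    return ".".join(host.split(".")[-2:])


def classify_url(url: str) -> str:
    """Return a verdict string for a URL the user is about to visit."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if host in OFFICIAL_HOSTS:
        # The real site, but flag it if it is not being reached over TLS.
        return "official" if parts.scheme == "https" else "official-but-plaintext"
    label = registrable_domain(host).split(".")[0]
    if BRAND in host:
        # e.g. www.cryptohopper.com.verify-login.xyz: the brand is only a subdomain
        # of somebody else's registrable domain.
        return "lookalike:brand-in-foreign-domain"
    if normalise_homoglyphs(label) == BRAND:
        return "lookalike:homoglyph"
    if levenshtein(label, BRAND) <= 2:
        return "lookalike:typosquat"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs (the lookalikes are invented for this example).
    for u in (
        "https://www.cryptohopper.com/dashboard",
        "http://cryptohopper.com/",
        "https://cryptohoper.com/login",
        "https://crypt0hopper.com/",
        "https://www.cryptohopper.com.verify-login.xyz/",
        "https://example.org/",
    ):
        print(f"{u:50s} -> {classify_url(u)}")
```

The brand-in-host test runs before the edit-distance tests because a phishing domain such as cryptohopper.com.verify-login.xyz contains the official name verbatim and would otherwise be scored as far from the brand. A production check should also decode punycode (xn-- labels) before comparing, and should use the Public Suffix List rather than the last-two-labels shortcut used here.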
When a user visits one of these fake websites, a file carrying a trojan is downloaded to their desktop computer and, once the user runs it, installs itself. This trojan is the information stealer 'Vidar'. Once active, it reads and exfiltrates sensitive data from the victim's device, mostly from the browser, including: saved payment details, cryptocurrency wallet data (including private keys), and login credentials.
Vidar then drops two further samples of a second trojan, 'Qulab', which hijacks the victim's processing power to mine cryptocurrency. Qulab is also known as a clipboard hijacker, swapping a cryptocurrency address the victim copies for one controlled by the attacker, so any transfer the victim pastes in goes to the wrong wallet.
What is Cryptohopper?
Founded in September 2017, Cryptohopper describes itself as “the leading cryptocurrency trading bot”. It boasts a “community of over 200,474” users (“cryptocurrency traders”) and supports over 100 different cryptocurrencies including Bitcoin & Ethereum, via connectivity with “leading exchanges”.
Cryptohopper offers four tiers of membership, ranging from a free option through to an $83.25 monthly package. By linking their accounts from independent exchanges, users can also take advantage of a wide range of features such as:
- Portfolio management: users of Cryptohopper can manage all their funds in one place (on the Cryptohopper platform) and execute trades with a large range of available pairs.
- The ability to copy the activities of professional traders to take advantage of their expertise and well-honed trading strategies.
- Market-making and exchange / market arbitrage.
- Trailing stop loss
- Trading simulation and backtesting.
- High speed, automated crypto trading.
A lot of popular exchange platforms are supported, including Huobi, Poloniex, Kraken, Bittrex, Bitfinex, Coinbase Pro, Binance, and Binance.us; in addition to official partners: HitBTC, OKEX, KuCoin, and Bitvavo.
A crypto trading bot can fully automate the trading process. All work is undertaken by a bot rather than a human being, meaning every decision follows the rules of the configured strategy (technical indicators and, in some offerings, statistical or machine-learning models) rather than human judgement.
There are other key features of Cryptohopper that we should talk about.
Firstly, Cryptohopper includes an easy-to-use strategy designer with a drag-and-drop interface, which lets customers build custom indicators and custom technical analyses.
The platform also gives users access to a social trading platform / marketplace, an affiliate program (including rewards distributed for referrals and social media promotion), and integrated tools for technical analysis (to gain competitive insights to inform trading strategies).
Cryptocurrency, Malware, and Phishing Schemes
Cryptohopper is just one website among many to be used and imitated by bad actors as a means of stealing user information and / or installing malicious software onto their devices.
In March of this year, a group which calls itself 'xrplorer forensics' announced via Twitter that it believed it had discovered a fake extension for the Google Chrome web browser. The extension imitated the branding of the 'Ledger' hardware wallet and was allegedly used to steal 1.4 million XRP tokens.
Back in September 2019, Binance announced that it was working closely with the UK Metropolitan Police (Cyber Crime Unit) to support the investigation of a series of crypto phishing incidents associated with a potential 500k victims and over $51 million in losses. The suspected perpetrator of these thefts was a 'Svetoslav Donchev', who had been extradited to his home country of Bulgaria on September 20, 2019.