
BTC.com Loses $3 Million Worth of Cryptocurrency


Overview:

BTC.com has confirmed that it suffered a cyberattack, which resulted in millions of dollars in stolen cryptocurrency.

Technical Summary:

BTC.com, one of the world’s largest cryptocurrency mining pools, has stated that it suffered a cyberattack. The attack resulted in a loss of $3 million worth of cryptocurrency assets belonging to customers and employees of the company. A press release by BTC stated the company lost around $700,000 worth of crypto owned by customers/clients and $2.3 million in digital assets. The attack was detected on December 3rd, 2022, and BTC.com reported the incident to Chinese law enforcement authorities in Shenzhen.

 

Attack Tactics, Techniques & Procedures:

Impact (TA0040)

– Data Manipulation (T1565)

– Data Destruction (T1485)

 

Reconnaissance (TA0043)

– Gather Victim Identity Information (T1589)

– Gather Victim Identity Org Information (T1597)

 

Resource Development (TA0042)

– Compromise Accounts (T1586)

– Compromise Infrastructure (T1584)

 

Credential Access (TA0006)

– Exploitation for Credential Access (T1212)

 

Initial Access (TA0001)

– Valid Accounts (T1078)

Affected Assets & Organizational Impact:

BTC lost about $3 million worth of crypto/digital assets. Both customers and employees of the company were affected by this breach. BTC is the seventh largest crypto mining pool in the world, which makes it a prime target for cyberattacks.

Mitigation & Response:

After BTC detected the attack, it reported the incident to Chinese law enforcement authorities in Shenzhen. Since the breach, the company has recovered some of the stolen cryptocurrency, but the total amount stolen has yet to be disclosed. Authorities opened an investigation on December 23rd and began collecting evidence. BTC has also implemented technology to better block and intercept attacks from hackers. The business is operating as usual, and apart from its digital asset services, the client fund service side has not been affected. However, there is currently no information on how the threat actors were able to steal the cryptocurrency or whether any data or personal information was stolen in the incident.

 

Sincerely,

Dominic Alegrete
