A Trojan malware hidden in a pirate movie was the point of entry to the IT systems of the cryptocurrency exchange platform 2gether, which suffered a hack and millionaire Bitcoin and Ethereum theft back in 2020.

In an official statement, Spanish Police reported that its team of the Cybercrime Department arrested 5 people allegedly related to the incident. Local media reported that it could be the first case of cryptocurrency theft solved by police in Spain.

The Madrid-based startup focused on the buying, selling and custody services of Bitcoin and other cryptocurrencies was the target of a cyber attack in late July 2020. Back then, its executives reported that the attackers stole a number of cryptocurrencies, mostly Bitcoin and Ethereum, worth up to $1.3 million Euros.

Through the implementation of Operation 3Coin, the police discovered that the attackers used a Remote Access Trojan (RAT) to access 2gether’s internal networks. The malicious payload reached the exchange’s system after an unsuspecting employee downloaded a pirated copy of a superhero movie and stored it in their work computer.

The attackers spent half a year spying on these networks to fully understand the operation of the exchange company as a preparation for the robbery. According to the official statement, “once they knew all the procedures, characteristics and structure of the company,” the hackers accessed the system using an interposed computer network to order the transfer of the compromised assets to a digital wallet under their control.

The investigation allowed authorities to identify and arrest the operator of the website from which the Trojan malware was downloaded. Subsequently, the researchers found the other 4 people involved in the electronic fraud scheme.

A sixth individual is being investigated by Spanish authorities, as he was allegedly “exercising control” over the leader of this hacking group “through the consumption of drugs linked to rituals such as the Bufo Toad” (alleged initiatory trip with a hallucinogen).

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post A crypto exchange employee downloaded a pirated movie resulting in its hack: €7 million loses appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

It’s now legal to scrap LinkedIn users’ data for marketing purposes without their permission

The practice of data scraping has always been the subject of controversy,…

Notification no-nos: What to avoid when alerting customers of a breach

Facebook co-founder, Chairman and CEO Mark Zuckerberg arrives to testify before the…

Personal data of former and current students in New York public schools is leaked after the hacking of a widely used online grading and attendance system

The New York Department of Education has confirmed that the personal information…

Supply chain attacks show why you should be wary of third-party providers

What is a supply chain attack? A supply chain attack, also called…