Hacker forum contest gives $100K for new ways to steal digital assets
The administrator of a Russian-speaking cybercriminal forum has held a contest for the community to share uncommon methods to target cryptocurrency-related technology.
Members of the forum had one month to submit their papers and enter a competition that promised more than $100,000 in prizes.
Eyes on digital assets
The announcement came on April 20 and asked for research papers that explored various ways to steal private keys and cryptocurrency wallets, uncommon mining software, smart contracts, or non-fungible tokens (NFTs).
In a report today, threat intelligence company Intel 471 notes that after the initial post from the administrator, another forum member added $15,000 to the initial prize pool.
Incentivized by the increased prize value, multiple members of the community started to share their papers, Intel 471 says.
“One entry looked at manipulating APIs from popular cryptocurrency-related services or decentralized-file technology in order to obtain private keys to cryptocurrency wallets” – Intel 471
Another forum user detailed how to create a phishing site for grabbing the keys to the cryptocurrency wallets and the corresponding seed phrases, which are essential to recovering access to the digital wallet.
Focusing on cryptocurrency and associated technology makes sense these days. The rising price of digital coins and the explosion of the NFT market are too attractive for cybercriminals to pass.
Just like security researchers, cybercriminals also make an effort to stay at the top of their game by updating their methods and techniques or developing new ones.
Various underground forums have sponsored such contests before and even cybercriminal groups pitched in to gain new knowledge that could help with their attacks.
Intel 471 says that past calls for papers on two popular cybercriminal forums covered topics ranging from botnets, and ATM or PoS fraud, to fake GPS signals.
To spark interest, anyone submitting their paper was promised $50, while the “best research” got up to $10,000.
Ransomware groups like REvil and Lockbit have done the same, in an effort to find new avenues of attack and increase their profits.
Although these contests are not novelty, they show how cybercriminals have taken a business-like approach to their activity and also look for innovative or less common methods to target organizations and cash in as big as possible.