Hackers Used Microsoft Email Addresses to Steal Users’ Crypto Funds
Crypto hackers have turned their attention to Outlook, MSN and Hotmail—three email services owned by tech giant Microsoft. According to a report published on tech news media Vice on April 30, multiple cryptocurrency holders, who were affected by a recent hack, have alleged that the hackers also stole their crypto holdings.
Trouble started when hackers gained access to the account of a customer support employees at Microsoft. Citing an Email from a Microsoft spokesperson, a separate report by TechCrunch revealed that the criminals found it easy to access customer accounts using the login details of the tech company’s login details. What they found was a treasure trove of data which was used to siphon users’ crypto funds.
Complaints from all corners
A Dutch tech forum carried the complaint of a victim, named Jevon Ritmeester, who alleged to have lost 1 Bitcoin (BTC) (worth about $5,200 as at press time) to the attack.
According to Ritmeester, he tried logging into his account on Kraken and upon finding that his account wasn’t accessible, he found that there were several “login changes” notifications in his Email trash compartment. He also found that all Emails that mentioned Kraken were automatically moved to his trash folder. For most crypto investors who haven’t activated a two-factor-authentication (2FA), once a password reset is sent to the mail, the funds are as good as gone.
Ironically, Kraken only just announced that it would be initializing 2FA last month, so it couldn’t have been so difficult for the hacker to have gained access to his Kraken account.
Reddit, a separate forum, also carried various complaints of victims who experienced similar situations. For instance, a user known as Shinatechlabs claimed to have lost “25,000” worth of digital assets as a result of the breach, but he declined to provide further details on how or when it happened.
Microsoft seemed to have missed it
To paper over the cracks, Microsoft did what large corporations do best. They issued a statement to calm fraying nerves. Microsoft sent an initial Email to the affected users, assuring them that critical information was safe. The company noted that, while the hackers got hold of the Email addresses, folder names, Email subject lines, and the Emails that they communicated with, Email content- including login credentials, passwords, and attachments- were out of their reach
However, events that happened since then have shown that this is contrary to the case. The issue of keeping cryptocurrencies safe online is one that keeps investors and crypto exchanges awake all night. One security measure that is highly recommended is the 2FA, which requires the investor to retrieve a passcode sent to their phone before they can access their cryptocurrencies. The recent cases of sim swapping have shown us just how easy it is to bypass that measure. For a lot of people, storing their funds in a cold wallet with strong private keys is secure enough—not anymore.
The blockchain bandit
On April 23, security consulting firm Independent Security Evaluators (ISE) published a report about the “blockchain bandit,” a cybercriminal who had so far been able to steal up to 44,744 Ether (ETH) tokens by guessing weak private keys. While one might think that guessing a private key correctly is a “one in a million” move, ISE reported that this criminal had been able to guess about 735 private keys, all of which gave him unrestricted access to the accounts of his victims.
Adrian Bednarek, a Senior Security Analyst at the firm, reported that he came across the criminal by accident. He pointed out that as opposed to accessing these accounts by brute hacking, the criminal simply generated faulty random numbers and looked for faulty code. From there, Bednarek noticed that some of the wallets that were linked to the private keys recorded large debit transactions into a single address.
He predicted that the hack could have resulted from a defect in the underlying codes of the software used in generating them. However, it could also be possible that the hacker used some of the most common passphrases (such as 12345, 0000, abc123, etc.) on multiple private keys and somehow, got lucky.
Gloss