Cybercriminals are running an online competition offering big prizes to anyone who believes they have found an unusual way to help crooks steal cryptocurrency.
As security researchers at Intel471 describe, an underground cybercrime forum popular with cybercriminals has issued a call for papers that will describe “unorthodox ways to steal private keys and wallets, unusual cryptocurrency mining software, smart contracts, non-fungible tokens (NFTs) and more.”
It sounds very similar to the type of call-for-papers made in the run-up to a big cybersecurity conference, but this is being run for the benefit of criminals not for bettering the security and privacy of computer users.
The likes of the RSA Conference brings researchers together from around the world, in their search for new methods to detect and protect against attacks. A contest like this run by a cybercrime forum aims to do the opposite.
A prize fund of $100,000 was announced for those who win the competition, with an additional $15,000 being offered by a member of the forum.
According to researchers, malicious hackers have been busy submitting their “papers”. Amongst those already seen are descriptions of how to create a phishing site that can steal the keys to a digital wallet, and ways in which the APIs of cryptocurrency-related services can be manipulated to reveal sensitive information.
In an ideal world you would like to imagine that anybody who uncovered a security hole would report it to the service, with a thought of possibly receiving public thanks or even a bug bounty.
However, the explosion of interest in cryptocurrency and NFTs has clearly not gone unnoticed by cybercriminals who are looking at opportunities to steal from organisations and individuals who have not taken adequate measures to defend themselves.
No doubt some bug hunters who would have been nervous about stealing from others using the techniques would have no qualms about sharing details of their discovery with a hacking forum (especially if there is the possibility of a substantial monetary prize).
In this particular competition, $10,000 is being offered from the prize pool for the “best research”, but seemingly anyone submitting a paper will receive at least $50.
It’s unclear whether the moderators of the hacking forum intend to exploit the research they are sent for their own criminal ends, offer it for sale to other crooks, or are simply running the competition to lure more hackers into joining their online community.
In the past hacking forums have run similar competitions calling for papers on topic such as ATM fraud and mobile botnets.
We would be wise to remember that cybercrime is always evolving, and that examples like this online contest really highlight just how sophisticated the industry of malicious hacking has become.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.