ESET, a cybersecurity company based in Slovakia, partnered with the Dutch police to uncover a major cryptocurrency theft operation related to the infamous Ebury botnet. Over the past 15 years, the botnet has compromised more than 400,000 servers, posing a significant threat to the industry.
According to a report released by ESET on May 14, the Dutch National High Tech Crime Unit (NHTCU) first discovered the Ebury botnet incident during an investigation in 2021.
The investigation revealed that the cybercriminals behind the botnet had been carrying out a series of crypto thefts, with a specific focus on Ethereum and Bitcoin nodes. The Dutch police stated that the botnet operators would steal assets from unsuspecting users’ wallets when they entered their login details on infected servers.
The Ebury botnet, which has been active since at least 2009, is used not only to deploy additional malware but also to monetize the compromised servers through modules for web traffic redirection, proxying spam traffic, and performing adversary-in-the-middle (AitM) attacks. An AitM attack intercepts, and can potentially alter, the communication between two parties without the knowledge of either.
Between February 2022 and May 2023, the Ebury botnet targeted over 200 AitM attack victims across 75 networks in 34 countries. During this time, it stole cryptocurrencies, credentials, and credit card details, accumulating significant sums of money.
The botnet’s access to compromised systems allows the operators to directly steal funds from wallets or use the systems to mine cryptocurrencies, siphoning resources from unsuspecting victims. The botnet’s ability to evade detection for extended periods enables it to continue its operations and amass large amounts of cryptocurrency over time.
The Ebury botnet’s ability to compromise numerous servers has made it the preferred malware for facilitating large-scale cryptocurrency theft, which is on the rise. In the first quarter of 2024 alone, PeckShield’s data shows that $336.8 million worth of crypto funds were stolen. The CertiK Hack3d Report also revealed that cryptocurrency theft resulted in losses exceeding $500 million in Q1 2024, marking a 54% increase compared to the same period in 2023, when losses amounted to approximately $326 million.
The CertiK report noted that January 2024 was particularly severe, with $193 million stolen in 78 incidents. Notably, private key compromises resulted in losses of $239 million across just 26 incidents. These breaches, which target the unique keys individuals use to access their cryptocurrency holdings, accounted for nearly half of all financial losses despite representing only 11.7% of reported security breaches.