The hackers who successfully attacked 5 exchanges including OKEx had also blocked the release of the film about the assassination of Kim Jong-un

Authors: Qin Xiaofeng, Lu Xiaoming | snow Jiao

Recently, a number of cryptocurrency exchanges have suffered thefts.

It is reported that in the early morning of March 24th, the Singapore cryptocurrency exchange DragonEx was hacked, and digital assets belonging to users and the platform were stolen; by preliminary estimate, the platform's total losses exceed RMB 40 million. On March 26th, the Singapore cryptocurrency exchange BiKi was also attacked, and some users' accounts on the platform were hijacked by hackers; the specific amount of money involved and the number of users affected are still unclear.

However, these two attacks are only the tip of the iceberg of the hackers' activity; they have never slowed the pace of their attacks.

360 security experts told Odaily Planet Daily that the recent attacks were the work of the same hacker organization, Lazarus. Since the beginning of last year, the group has targeted Huobi, Binance, OKEx, DragonEx and other exchanges, and has successfully attacked 5 exchanges.

OKEx suffered a phishing attack

“OKEx has now contacted us and wants to know more details of the attack,” a 360 security expert told Odaily Planet Daily. “According to our sources, in January this year, the OKEx trading platform was successfully phished by hackers.”

So-called “phishing” refers to an attack in which the attacker poses as a trustworthy person or organization and attacks victims in real time through e-mail, messaging software and social media channels.

According to 360, the phishing attack carried out against OKEx was aimed mainly at people; it was no longer simply a matter of sending spam, and the more important part was gaining trust.

First, the hackers thoroughly investigate the exchange's internal structure: “From the CEO down to ordinary customer service staff, they are all targets.”

Then they pose as private individuals and communicate with the exchange's staff over a long period; the contact was maintained for half a year.

After winning the trust of internal personnel, the hackers use malicious documents, such as questionnaires carrying an Office 0day vulnerability, and trick the staff into opening them. “They are all friends by then; who keeps their guard up that much?” the 360 security expert said.

Of course, the attack is not limited to Office documents; the hackers may also add malicious code to automated digital currency trading software that is recommended to exchange staff, to get the relevant personnel to take the bait. “They started preparing in October 2018, operated for as long as half a year, and finally closed the net in January and March of this year.”

After a successful attack, they can control the exchange's computers from the cloud and obtain all kinds of information they want, including user account passwords.

“There is no way to measure how many coins were stolen from OKEx and the many other exchanges, or how large the losses are, because what the hackers operate after a successful penetration is the exchange's network.” The 360 security experts said that Huobi and Binance have become targets of the attack, and that, in addition to OKEx, the “full of coins”, DragonEx and “fupite” trading platforms have been successfully penetrated by the hacker group Lazarus.

360 security experts said that, faced with a state-level hacker group like Lazarus, most exchanges are powerless. “This is not a hacker organization aimed at small and medium-sized enterprises; they plan for a long time and make careful arrangements in advance, and most enterprises cannot withstand it.”

The attackers: Lazarus

360 believes the attack was launched by the hacker organization APT-C-26, namely Lazarus. APT-C-26 is the security community's designation for the group; in the same scheme, APT-C-01 is the “poison cloud rattan” group, APT-C-27 is the “golden hamster” group, and APT-C-35 is the “belly brain worm” group.

According to CSDN and other public information, APT (Advanced Persistent Threat) refers to a form of network attack that lasts a long time, is difficult to detect, and is aimed at specific targets.

The “advanced” nature of an APT lies mainly in the precise collection of information about the target's business processes and systems before the attack is launched.

According to an earlier 360 press release, Lazarus is an APT organization that has been active since 2009. According to investigations by foreign security companies, the organization may be linked to the following operations: the 2007 “Operation Flame” DDoS attack on South Korean government websites, the 2014 attack on SONY Pictures, the 2016 Bangladesh Bank information disclosure incident, and the global “WannaCry” virus of 2017. A United Nations Security Council report also said that the thefts from five cryptocurrency exchanges, including Coincheck, were the group's work.

Of these, the most interesting is the SONY attack: the hackers' motive is unclear, but the operation was connected to the upcoming film “The Interview”, which depicts the assassination of North Korean leader Kim Jong-un; the hackers threatened terrorist action if the film was released. Cinemas decided to abandon screening the film on its scheduled opening day (December 25th), and SONY scrapped its release plans entirely, then later decided to release it after all. 315 smaller theaters in the United States were willing to take the risk of screening the film, and at the same time SONY distributed it directly online. The incident led many people to guess that the hackers came from North Korea.

360 said that Lazarus, a large-scale hacker organization whose original aims were obtaining government and military intelligence and disrupting critical infrastructure and the normal operation of networks, has recently turned to targets of greater economic value: financial institutions, digital currency, casinos, and companies involved in developing financial trading software.

Security: the nightmare the crypto community has yet to shake off

Hackers never sleep, and the places where funds pool are always their targets. Exchanges are the crypto community's biggest treasure trove, so they are naturally the main battlefield.

Lazarus's attacks on OKEx, DragonEx and other exchanges have once again sounded the alarm for the crypto community. Over the years the community has been through repeated “baptisms of blood”, from the Mt. Gox theft, which sent bitcoin down by 1/3, to The DAO incident, which led directly to an emergency fork of Ethereum; yet people using blockchain infrastructure still cannot shake off the nightmare of malicious attacks.

Perhaps for a very long time to come, blockchain will lack a high state of security. As users, we should carefully choose exchanges with a high level of security awareness and take some measures to hedge the risk. For example, pay close attention to anomalies at the exchanges you currently use, such as abnormal returns or hot and cold wallet addresses that have been tampered with, and reconcile accounts often to find abnormalities.
