Cryptowire Unveils Major Crypto Theft Linked to Ebury Botnet
Slovak cybersecurity firm ESET and the Dutch police recently uncovered a significant series of crypto thefts associated with the notorious Ebury botnet. The botnet, which has compromised over 400,000 servers in the past 15 years, poses a serious threat to cryptocurrency operators.
Ebury Botnet Incident Discovery
In a report released on May 14, ESET revealed that the Ebury botnet incident was first brought to light during a 2021 investigation by the Dutch National High Tech Crime Unit (NHTCU).
AitM Attack Used for Stealing Funds
The cybercriminals behind the Ebury botnet were found to be engaged in a series of crypto thefts, with a focus on Ethereum and Bitcoin nodes. According to the Dutch police, the operators intercept wallet credentials as they are entered on compromised servers and then use those credentials to drain the wallets.
Ebury, operational since at least 2009, is used to deploy additional malware and to monetize the botnet through modules for web traffic redirection, proxying traffic for spam, executing adversary-in-the-middle (AitM) attacks, and hosting supporting malicious infrastructure.
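The page does not say which protocol the AitM intercepted; the check below is an added example (not code from ESET's report, the Dutch police or this article) that assumes the credentials were entered over SSH and shows the client-side control that defeats a relay which does not hold the real server's private host key: pin the host key in `known_hosts` and refuse to send a password on a mismatch. All keys, hostnames and the `known_hosts` content are constructed for the example; the `ssh_blob`, `fingerprint`, `host_field_matches` and `verify_host_key` helpers are hypothetical names, not part of OpenSSH.

```python
import base64
import hashlib
import hmac


def ssh_blob(key_type: str, raw_key: bytes) -> str:
    """Encode a public key as OpenSSH does (length-prefixed strings) and base64 it."""
    def s(b: bytes) -> bytes:
        return len(b).to_bytes(4, "big") + b
    return base64.b64encode(s(key_type.encode()) + s(raw_key)).decode()


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the decoded key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_host_field(hostname: str, salt: bytes) -> str:
    """Build a hashed known_hosts host field (|1|salt|HMAC-SHA1(salt, hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_field_matches(field: str, hostname: str) -> bool:
    """Match a plain (comma-separated) or hashed known_hosts host field."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return hostname in field.split(",")


def verify_host_key(known_hosts: str, hostname: str, key_type: str, blob_b64: str) -> str:
    """Return 'ok', 'mismatch' or 'unknown'. Only 'ok' should let the client send credentials."""
    seen_host = False
    for line in known_hosts.splitlines():
        parts = line.strip().split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        field, ktype, pinned = parts[0], parts[1], parts[2]
        if ktype != key_type or not host_field_matches(field, hostname):
            continue
        seen_host = True  # a key of this type is pinned for this host
        if hmac.compare_digest(fingerprint(pinned), fingerprint(blob_b64)):
            return "ok"
    # Pinned key exists but differs: exactly what a relay without the real host key looks like.
    return "mismatch" if seen_host else "unknown"


# Constructed sample material: random bytes stand in for real ed25519 public keys.
NODE_KEY = ssh_blob("ssh-ed25519", bytes(range(32)))        # the genuine node's key
ATTACKER_KEY = ssh_blob("ssh-ed25519", bytes(range(32, 64)))  # key presented by an AitM relay
SALT = b"0123456789abcdefghij"                                 # 20-byte salt for a hashed entry
KNOWN_HOSTS = (
    "# constructed known_hosts for the example\n"
    f"eth-node.example,203.0.113.10 ssh-ed25519 {NODE_KEY}\n"
    f"{hash_host_field('btc-node.example', SALT)} ssh-ed25519 {NODE_KEY}\n"
)


if __name__ == "__main__":
    checks = [
        ("eth-node.example", NODE_KEY),      # genuine node -> ok
        ("eth-node.example", ATTACKER_KEY),  # relayed connection -> mismatch, do not log in
        ("btc-node.example", NODE_KEY),      # matched via hashed entry -> ok
        ("new-node.example", NODE_KEY),      # nothing pinned -> unknown, verify out of band
    ]
    for host, key in checks:
        print(f"{host:18} {fingerprint(key)} -> {verify_host_key(KNOWN_HOSTS, host, 'ssh-ed25519', key)}")
```

The equivalent setting in a real OpenSSH client is `StrictHostKeyChecking yes` with a pre-populated `known_hosts`; the point of the example is that an "unknown" result must be resolved by comparing the fingerprint through a channel the attacker cannot touch, never by typing the password and hoping.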
Impact and Reach of Ebury Botnet
Between February 2022 and May 2023, the Ebury botnet hit over 200 AitM attack targets across 75 networks in 34 countries, stealing cryptocurrencies, credentials, and credit card details and amassing substantial sums over time.
Access to compromised servers lets the cybercriminals steal funds directly from wallets or use the systems for cryptocurrency mining, draining resources from unsuspecting victims. The botnet's ability to operate covertly for extended periods allows it to keep running and accumulate significant amounts of cryptocurrency.
Rise in Crypto Theft
The Ebury botnet's capacity to compromise large numbers of servers has made it a preferred tool for large-scale cryptocurrency theft, a trend that is escalating rapidly.
Recent data from PeckShield indicates that $336.8 million in crypto funds were stolen in the first quarter of 2024. Certik's Hack3d report put Q1 2024 losses from cryptocurrency theft at over $500 million, a 54% increase over the same period in 2023, when losses were about $326 million.
Certik's report singled out January 2024 as the worst month, with $193 million stolen across 78 incidents. Private key compromises were particularly significant, causing $239 million in losses across only 26 incidents. These breaches, which target the keys that control access to cryptocurrency holdings, accounted for nearly half of all financial losses while representing only 11.7% of reported security incidents.