More than $1.67 billion worth of cryptocurrency has been exfiltrated across nearly 200 heists between January and March, which is not only 303% higher than the fourth quarter but also the highest amount of pilfered digital assets on record, Infosecurity Magazine reports.
Most of the increase in stolen crypto assets last quarter was fueled by the massive Bybit attack in late February that resulted in the loss of over $1.4 billion, with intrusions against Phemex, 0xInfini, MIM Spell, and zkLend recording the next highest losses, according to an analysis from blockchain security firm CertiK. Threat actors who sought to compromise cryptocurrencies and blockchains mostly targeted Ethereum, followed by the Binance Smart Chain, Arbitrum, and Tron, while wallet compromise was the most impactful attack vector despite being leveraged in only three crypto-targeted intrusions. Such findings should prompt blockchain firms to be more proactive in their security, said CertiK co-founder Ronghui Gu.
The operation, a collaboration between Poland's Cybercrime Bureau (CBZC) and U.S. agencies including the FBI and Homeland Security Investigations, targeted a group accused of breaching telecommunications partners and hijacking email accounts.
CL-STA-1062 employs a hybrid toolkit, combining open-source tools like SoftEther VPN, Mimikatz, and VNT with a newly discovered custom backdoor named TinyRCT.
STOCKSTAY, written in .NET and utilizing the Windows Forms framework, communicates with its command-and-control (C2) server via a secure WebSocket connection.