Binance’s chief security officer, Jimmy Su had an interview with an online news site alerting crypto users against hackers who target people with poor security hygiene. The CSO said a group of organized dark web hackers lurk in the shadows, looking to leverage the slightest security vulnerability to loot user crypto assets.

In the interview, Su noted that Binance saw numerous hack attempts on its network in its early years. But, these hackers have shifted their focus from crypto firms to end users.

Su Breakdowns The Layers In The Hacker Ecosystem

Phishing scams have become prevalent in the crypto space. In February, Trezor, a hardware wallet provider, warned users of a phishing scam designed by criminals to steal investors’ funds. The scammers deceive users into entering their wallet’s recovery phrase on a fake Trezor website.

Binance CSO Jimmy Su stated that the hacker community is well-established, operating under four layers, including intelligence gathers, data refiners, hackers, and money launderers.

The data gatherer is the first layer in the hacking community, which Su described as “threat intelligence.” Here cyber criminals and bad actors collect and collate illegally obtained information about crypto users. 

They create spreadsheets with details about various users. The information may include crypto-related websites the user frequents, their email addresses, names, and social media profile.

As Su explained, there is a market for selling this ill-gotten user information on the dark web. An April 24 research paper by data security provider Privacy Affairs disclosed that cybercriminals sell ill-gotten user account information on the dark web.

Another group of data engineers specializing in refining data purchases the ill-gotten user data. According to Su, this group analyzes the data set and sorts the crypto-related ones. The data engineers use scripts and bots to determine which exchange the crypto enthusiast uses.

They do so by attempting to create an account with the user’s email address. The criminals will know if the user is registered on the exchange if they get an error message saying the email address is already in use. 

The next layer is the phishing scammers or hackers who take refined data to create targeted phishing attacks. “Because now they know Tommy is a user of Exchange X, they can just send an SMS saying, ‘Hey Tommy, we detected someone withdrew $5,000 from your account; please click this link and reach customer service if it wasn’t you,” Su said.

Related Reading: Binance Australia Raided By Regulator In Dramatic Twist Of Events

The last step after stealing the funds comprises finding an escape route to avoid theft punishment. According to Su, the hackers could leave looted funds dormant for years before moving them to crypto mixers such as Tornado Cash.

“There are groups we know that may sit on their stolen gains for two, three years without any movement,” said Su. 

While there aren’t many measures to stop hackers, Su advises users to practice better “security hygiene” to protect that data from scammers.