Brother
Professional
- Messages
- 2,590
- Reaction score
- 533
- Points
- 113
Buyers should hurry as the group wants to empty out BTC-Alpha wallets.
Specialists of the DarkTracer company, which provides a platform of the same name for searching data (leaked files, hacked accounts, etc.) on the darknet, drew attention to an unusual announcement on the site of leaks of the cyber ransomware group LockBit. On the site where ransomware publishes the data of victims who have not paid the ransom, an announcement has appeared about the sale of the source code and the database of the cryptocurrency exchange.
According to the post, written in English, btc-alpha.com is the "European cryptocurrency exchange" of the next generation. According to LockBit, thanks to an insider who is still at the company, she was able to get her hands on the source code and the BTC-Alpha database, and has now listed them for sale for 100 bitcoins. However, the price is not final, the announcement says, and LockBit is ready to bargain. The group will make a deal with the one who offers the highest amount.
Source code and database may be sold separately. If they don't interest anyone, the group will publish them for free.
According to LockBit, the database contains information from 362,000 BTC-Alpha users, in particular, email addresses, names, residential addresses, passport numbers, phone numbers, password hashes, full AML / KYC data, and wallet data. According to the group, there are "interesting members of the government" among the clients of the exchange.
The "excellent" source code does not contain vulnerabilities, and the group got access to the exchange servers thanks to an insider. Whoever buys it will be able to create new exploits and continue to attack the exchange, launch their own legal or even fraudulent exchange. Buyers should hurry, however, as LockBit itself intends to empty the wallets of all BTC-Alpha users as soon as an insider gives the go-ahead.
Recently, the US government has stepped up its fight against cyber ransomware groups. Among other things, the US Treasury Department has imposed sanctions on cryptocurrency exchanges, which are used by cyber ransomware to obtain ransom from their victims.
In September 2021, sanctions were imposed on the Suex cryptocurrency exchange between 2018 and 2021 for helping ransomware operators and other cybercriminal groups in laundering illegal funds worth more than $ 160 million. In November, the Chatex cryptocurrency exchange was also sanctioned.
It is possible that by declaring that it had the source code of BTC-Alpha, the LockBit group decided to demonstrate in this way that it is not afraid of US government sanctions against cryptocurrency exchanges. However, as the case of the Groove "group" shows, not all information published by cyber ransomware can be trusted (later the creator of Groove admitted that there was no such group, and he invented Groove for the purpose of trolling Western media and security researchers).
We will remind, as the deputy director of the FBI cyber division Bryan Vorndran recently said, speaking to the US government, the activity of cyber ransomware is fueled by the high rate of cryptocurrencies, especially bitcoin (victims of ransomware, as a rule, pay the ransom in bitcoins).
Specialists of the DarkTracer company, which provides a platform of the same name for searching data (leaked files, hacked accounts, etc.) on the darknet, drew attention to an unusual announcement on the site of leaks of the cyber ransomware group LockBit. On the site where ransomware publishes the data of victims who have not paid the ransom, an announcement has appeared about the sale of the source code and the database of the cryptocurrency exchange.
According to the post, written in English, btc-alpha.com is the "European cryptocurrency exchange" of the next generation. According to LockBit, thanks to an insider who is still at the company, she was able to get her hands on the source code and the BTC-Alpha database, and has now listed them for sale for 100 bitcoins. However, the price is not final, the announcement says, and LockBit is ready to bargain. The group will make a deal with the one who offers the highest amount.
Source code and database may be sold separately. If they don't interest anyone, the group will publish them for free.
According to LockBit, the database contains information from 362,000 BTC-Alpha users, in particular, email addresses, names, residential addresses, passport numbers, phone numbers, password hashes, full AML / KYC data, and wallet data. According to the group, there are "interesting members of the government" among the clients of the exchange.
The "excellent" source code does not contain vulnerabilities, and the group got access to the exchange servers thanks to an insider. Whoever buys it will be able to create new exploits and continue to attack the exchange, launch their own legal or even fraudulent exchange. Buyers should hurry, however, as LockBit itself intends to empty the wallets of all BTC-Alpha users as soon as an insider gives the go-ahead.
Recently, the US government has stepped up its fight against cyber ransomware groups. Among other things, the US Treasury Department has imposed sanctions on cryptocurrency exchanges, which are used by cyber ransomware to obtain ransom from their victims.
In September 2021, sanctions were imposed on the Suex cryptocurrency exchange between 2018 and 2021 for helping ransomware operators and other cybercriminal groups in laundering illegal funds worth more than $ 160 million. In November, the Chatex cryptocurrency exchange was also sanctioned.
It is possible that by declaring that it had the source code of BTC-Alpha, the LockBit group decided to demonstrate in this way that it is not afraid of US government sanctions against cryptocurrency exchanges. However, as the case of the Groove "group" shows, not all information published by cyber ransomware can be trusted (later the creator of Groove admitted that there was no such group, and he invented Groove for the purpose of trolling Western media and security researchers).
We will remind, as the deputy director of the FBI cyber division Bryan Vorndran recently said, speaking to the US government, the activity of cyber ransomware is fueled by the high rate of cryptocurrencies, especially bitcoin (victims of ransomware, as a rule, pay the ransom in bitcoins).
