CEO of the major crypto exchange Binance Changpeng 'CZ' Zhao took to Twitter to warn about the latest hack type targeting the cryptoverse - one executed by "the threat actor [with] broad knowledge of the cryptocurrency industry."
"Don't download files!", said CZ on Tuesday.
He went on to explain that users may receive a file from a friend, but that that friend may have already been compromised. This person may share "a weaponized Excel file" with the name "exchange fee comparision.xls", which contains a malicious code, among other threats, targeting crypto funds.
CZ referred to a Microsoft Security Threat Intelligence blog post published this Tuesday, which discusses "targeted attacks against the cryptocurrency industry."
The blog post states that, given the rise of the crypto market over the past several years, it hasn't attracted the attention of only investors - but of threat actors too, who directly target organizations within the cryptocurrency industry for financial gain.
They found that,
"Attacks targeting this market have taken many forms, including fraud, vulnerability exploitation, fake applications, and usage of info stealers, as attackers attempt to get their hands on cryptocurrency funds."
There are also novel tactics being developed, the report said, one of which was employed by a treat actor tracked as DEV-0139 (a designation as a temporary name given to an unknown cluster of threat activity until they are identified and named).
"We are also seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads," said the report.
DEV-0139 joined Telegram chat groups to target crypto investment companies. They facilitated
Read more on cryptonews.com