Five individuals arrested for the hacking and millionaire theft from a cryptocurrency exchange platform

Spanish authorities announced the arrest of five people accused of hacking a cryptocurrency exchange company, an incident that resulted in the theft of more than €6 million. This is the first case of cryptocurrency fraud that Spain police have solved.

Reports suggest that the hackers in charge of this operation used a sophisticated variant of remote access Trojan (RAT), which allowed them to move laterally through the networks of the affected company. The characteristics of the attack indicate that there could be a group of advanced persistent threats (APT) behind this incident.

Investigators also believe it all may have started with an employee of this company downloading a pirated movie from an insecure website. This file contained a malicious payload that allowed hackers to take full control of the compromised networks. The download would have taken place more than half a year before the attack, allowing the attackers to know in detail all the internal processes of the platform in order to prepare the final intrusion.

The stolen cryptocurrencies were transferred to digital wallets controlled by the hackers, who waited up to six months to continue with the operation in order not to attract attention. Once this period had passed, they began to carry out multiple digital money laundering transactions.    

In addition to the five arrested, agents also identified the alleged operator of the illegal download website from which the malware that triggered the attack was distributed and four other individuals who would have received part of the stolen assets.

Once authorities had sufficient reasons, they obtained search warrants at four homes in the provinces of Tenerife, Bilbao and Barcelona, where four of the suspects were arrested and thousands of dollars in cash, electronic devices and some cryptocurrency wallets were seized. Just this week, in the last phase of the operation so far, another person has been investigated, who exercised functions of supervision of this fraudulent operation. 

The maximum penalty these individuals could reach if convicted is still unknown.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.