A crypto exchange employee downloaded a pirated movie resulting in its hack: €7 million loses

A Trojan malware hidden in a pirate movie was the point of entry to the IT systems of the cryptocurrency exchange platform 2gether, which suffered a hack and millionaire Bitcoin and Ethereum theft back in 2020.

In an official statement, Spanish Police reported that its team of the Cybercrime Department arrested 5 people allegedly related to the incident. Local media reported that it could be the first case of cryptocurrency theft solved by police in Spain.

The Madrid-based startup focused on the buying, selling and custody services of Bitcoin and other cryptocurrencies was the target of a cyber attack in late July 2020. Back then, its executives reported that the attackers stole a number of cryptocurrencies, mostly Bitcoin and Ethereum, worth up to $1.3 million Euros.

Through the implementation of Operation 3Coin, the police discovered that the attackers used a Remote Access Trojan (RAT) to access 2gether’s internal networks. The malicious payload reached the exchange’s system after an unsuspecting employee downloaded a pirated copy of a superhero movie and stored it in their work computer.

The attackers spent half a year spying on these networks to fully understand the operation of the exchange company as a preparation for the robbery. According to the official statement, “once they knew all the procedures, characteristics and structure of the company,” the hackers accessed the system using an interposed computer network to order the transfer of the compromised assets to a digital wallet under their control.

The investigation allowed authorities to identify and arrest the operator of the website from which the Trojan malware was downloaded. Subsequently, the researchers found the other 4 people involved in the electronic fraud scheme.

A sixth individual is being investigated by Spanish authorities, as he was allegedly “exercising control” over the leader of this hacking group “through the consumption of drugs linked to rituals such as the Bufo Toad” (alleged initiatory trip with a hallucinogen).

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.