Ethereum Classic Wallet a Victim of Social Engineering

Users of the popular Classic Ether Wallet were urgently advised to refrain from accessing the service after a hacker managed to gain control over the website on June 29. The wallet system caters to the Ethereum Classic cryptocurrency (ETC), which is valued at US$18.15 at the time of writing. Reports from forums such as Reddit show that multiple victims lost thousands of dollars to the hacker. Note that Ethereum Classic is separate from Ethereum (ETH), a divergence triggered by a hacking incident that divided the Ethereum community.

According to the developers of Ethereum Classic, the hacker called the domain registry and impersonated the owner of Classic Ether Wallet to hijack the site (masquerading as an executive or higher-up is an old social engineering scam that is commonly used to gain valuable data). With this kind of access, the hacker was able to redirect the domain to his own server. The hacker also inserted code that captured the private keys users typed into the site, which allowed him to siphon funds from the victims' accounts.

In response, the Ethereum Classic team quickly notified users of the compromise through Twitter and had the site blacklisted. Users were initially greeted by a blocked notification and phishing warning, but the site has since been taken down.
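As an added defender-side example (not code from the original article or from the Ethereum Classic team), here is a small Python monitor that pins a domain's delegated nameservers, resolved address, served certificate fingerprint and inline script set, and reports the kind of drift a registrar-level hijack followed by injected key-capturing code would produce. Every name, address and fingerprint below is a constructed placeholder, and the snapshots stand in for what a real resolver and HTTPS fetch would return.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainSnapshot:
    """What a monitor observes for one domain at one point in time (constructed)."""
    a_records: frozenset    # IPv4 addresses the hostname resolves to
    nameservers: frozenset  # NS names the registry delegates the domain to
    cert_sha256: str        # SHA-256 fingerprint of the served leaf certificate
    html: str               # body of the served front page


SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)


def script_hashes(html):
    """SHA-256 of each inline <script> body, so the page's scripts can be pinned."""
    return frozenset(hashlib.sha256(m.group(1).strip().encode()).hexdigest()
                     for m in SCRIPT_RE.finditer(html))


def compare(baseline, observed):
    """Return a list of findings; an empty list means nothing moved since the baseline."""
    findings = []
    new_ips = observed.a_records - baseline.a_records
    if new_ips:
        findings.append(f"A record now points at unexpected host(s): {sorted(new_ips)}")
    new_ns = observed.nameservers - baseline.nameservers
    if new_ns:
        findings.append(f"delegation moved to unexpected nameserver(s): {sorted(new_ns)}")
    if observed.cert_sha256 != baseline.cert_sha256:
        findings.append("served certificate fingerprint changed")
    new_scripts = script_hashes(observed.html) - script_hashes(baseline.html)
    if new_scripts:
        findings.append(f"{len(new_scripts)} inline script(s) not in the pinned set")
    return findings


# Constructed sample snapshots: a known-good baseline and a hijacked observation.
BASELINE = DomainSnapshot(
    a_records=frozenset({"192.0.2.10"}),
    nameservers=frozenset({"ns1.registrar.invalid", "ns2.registrar.invalid"}),
    cert_sha256="aa" * 32,
    html="<html><script>init();</script></html>")
HIJACKED = DomainSnapshot(
    a_records=frozenset({"198.51.100.7"}),
    nameservers=frozenset({"ns1.attacker.invalid"}),
    cert_sha256="bb" * 32,
    html="<html><script>init();</script><script>/* injected */ watch(form);</script></html>")

if __name__ == "__main__":
    for finding in compare(BASELINE, HIJACKED):
        print("ALERT:", finding)
```

A production run would build the observed snapshot from a live DNS query and TLS handshake and alert on any non-empty result.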

Social engineering and other threats related to cryptocurrency

It’s been reported that cryptocurrency users have been significantly impacted by social engineering scams. Typically, the scammer starts by impersonating a victim and getting a service provider to give access to a phone or device linked to multiple accounts. As soon as access is granted, the scammer locks out the victim and takes everything he can from the accessible accounts. This is particularly disastrous for cryptocurrency holders since fund transactions are essentially irreversible.

Apart from social engineering, more sophisticated threats are also emerging, especially as cryptocurrency use becomes more mainstream. Attackers are not limiting their targets to wallets or individuals, but are using malware to infect systems and devices for cryptocurrency mining.

As early as 2011, we detected an increase in hacking tools and backdoors related to bitcoin mining. The threats have since become more advanced, with vulnerable Internet of Things devices coming to the fore as prime targets. From digital video recorders to routers and connected surveillance cameras, malware is trying to infect numerous devices to form large-scale bitcoin-mining networks. In 2016, we detected an array of bitcoin-mining Windows devices, home routers and IP cameras. If these types of malware infect enterprise systems, they can impact productivity and operational capacity, which can significantly hamper business.

Conclusion and best practices

Protecting cryptocurrency as well as enterprise systems requires vigilance and proactive work:

  • As a user, enable 2FA on all your online accounts. While this doesn’t mean that your accounts are completely protected, it is a good first step.
  • Social engineering tactics are always evolving, but the key is to recognize the threat. For offline scams like what was described above, always compare the communication received with typical behavior, past experiences and industry standards before giving away valuable information or access.
  • For online social engineering scams, which are most commonly received through email, there are many ways to identify and mitigate these attacks.
  • As recommended by the Ethereum team, use a cold storage wallet, which is basically storing cryptocurrency offline in encrypted media, hard drive or USB drive, hardware wallet, paper wallet, or other such devices.
  • Also, do your best to secure third party services holding critical parts of your business. Make sure to put policies in place that protect access to your website and data storage.
  • For enterprises worried about their systems being impacted by cryptocurrency malware, regularly patching devices with the latest updates is advised.
  • Change your devices' default credentials and enable device firewalls (especially for home routers).
  • Consult with IT administrators and security experts to put countermeasures and monitoring processes in place so you can prevent or mitigate advanced threats.

Trend Micro Solutions

In addition to the best practices mentioned above, users can look into solutions such as Trend Micro™ Security and Trend Micro Internet Security, which offer effective protection for threats to IoT devices using security features that can detect malware at the endpoint level. Connected devices are protected by security solutions such as Trend Micro Home Network Security, which can check internet traffic between the router and all connected devices. In addition, enterprises can monitor all ports and network protocols to detect advanced threats and protect from targeted attacks via Trend Micro™ Deep Discovery™ Inspector.
