Cryptocurrency platform BTC-Alpha was hit by a ransomware attack earlier this month, and the company's founder accused a rival.
The reports of a potential attack came to light last week when threat intelligence firm DarkTracer shared an image of a public leak site operated by the Lockbit ransomware group that claimed to have encrypted BTC-Alpha's data on Twitter.
The ransomware group threatened to make the stolen information public if a ransom was not paid by December 1. That same day, Vitalii Bodnar, founder, and CEO of BTC-Alpha issued a press release on PRLeap alleging that a rival cryptocurrency firm carried out the attack. However, the cryptocurrency exchange did not issue a public statement on its website.
In a Telegram conversation with SearchSecurity, BTC-Alpha acknowledged it was "hacked in the beginning of November" and the normal service at the U.K.-based cryptocurrency exchange had already restarted. "Vitalii Bodnar feels like a competitor was responsible for the attack," Alpha stated when questioned regarding Bodnar’s PR Leap statement.
While the firm has not disclosed which competitor it believes is behind the attack, further details on the incident have been provided on the exchange’s official Telegram channel.
Once normal services were restored, BTC-Alpha advised users to follow precautionary measures. This involved updating the app, authenticating accounts, and confirming the verification when withdrawing cash, as well as establishing new API keys because the old ones were removed.
According to a Telegram video posted by Bodnar, all customers of BTC-Alpha will be "forced to use two-factor authentication" (2FA), which is now obligatory. Furthermore, the cryptocurrency strongly recommends against using an old password because they "find it as compromised."
While it does not seem that cryptocurrency exchanges are frequently targeted by ransomware, Emsisoft threat analyst Brett Callow claims this is not the first instance. Several security flaws issues regarding the BTC-Alpha case remain unanswered, including whether file-encrypting ransomware was used and what types and volumes of data were taken.
According to Dirk Schrader, global VP of security research at Netwrix, crypto platforms are the victims of their own making. The U.S. government is also issuing sanctions on cryptocurrency platforms in an attempt to counter ransomware gangs, which depend on exchanges and mixers to move and hide ransom payments.
"Attacking a competitor in a largely unregulated environment bears no risk of prosecution. The players in the field are already used to ‘wild west’ manners, given the fact that a sizeable portion of the transactions in those exchanges is related to shady or criminal activity. Becoming a target of a ransomware attack when operating in this space can have a multitude of motives: damaging a competitor is one, sending a message to all in the space can be another,” Schrader stated.