One of the largest cryptocurrency exchanges in the world, Bitvace, which was subjected to a powerful hacker attack on March 7, aimed at manipulating the Viacoin exchange rate, reported that Russian names appear in the investigation, but no one makes any sudden conclusions until the end of the investigation.
As stated in the interim report of the investigation, which assumes a generous reward for information that will help the investigation, on March 7, a large-scale attempt was made to manipulate and steal funds on Bitvace. Fortunately, the attack was not successful. The exchange was not compromised, as the hackers gained access to API keys from user accounts that were used to manipulate the market through a phishing attack.
“The attack was the result of an extended phishing operation targeting users by creating copies of our website to collect user credentials. Since the launch of Bitvace Hacker Bounty, we have collected a lot of information about this event. Among the information we have collected, there are some details that we believe will be useful for public review, ” the statement said.
Further, Bitvace provides a list of addresses where copies of the sites of cryptocurrency exchanges used in the phishing attack were posted. Interestingly, among them there are not only copies of Bitvace, but also Bitstamp, Bittrex, Coinone, Etherdelta, Gemini, HitBTC, Poloniex, as well as some other exchanges and cryptocurrency services.
Most of the domains are registered in 2 names: Sergey Kireev and Victoria Belinskaya. One of these registrars may also be linked to the creation of phishing copies of the Bittrex exchange in August 2017.
The IP address used to create API keys (22.214.171.124), according to the exchange, refers to Lipetsk. Bitvace admits that hackers may have used a VPN or other service to hide their real location, while noting that it is possible to say with a high degree of confidence that the attack originated from Eastern Europe.
The company also identified several suspicious Viacoin transactions that were made 1-2 hours before the incident. A total of 31 suspicious transactions totaling 4,000 VIA were detected. All of them were committed within 200 blocks.
Bitvace recalls that there is a $250,000 reward for information that will allow the attackers to be arrested.