by Kapua Iao
Spear phishing scheme steals $1.7M in NFTs from a Crypto VC
Hackers recently stole millions in NFTs from a Crypto VC through a spear phishing scheme.
A Crypto VC (or venture capitalist) is a private equity investor. In March 2022, DeFiance Capital, founded by Arthur Cheong, had about $1.7 million worth of NFTs stolen via social engineering.
While not directly connected to the healthcare industry, all organizations should pay attention to such cyberattacks. How did this data breach happen and how could someone stop a similar attack in the future?
Healthcare covered entities and their business associates must take note of cyber schemes and how to mitigate them, such as with HIPAA compliant email.
An unknown hacker began draining NFTs from an Ethereum wallet owned by Cheong. An Ethereum wallet is an application for interacting with an Ethereum account, much like an internet banking app.
“We’re not sure what happened, need to take time to figure it out,” Cheong tweeted. “Guess no more hot wallet usage then.” A hot wallet is always connected to the Internet and therefore more susceptible to a breach.
NFTs reported as stolen (and sold in online marketplaces) include 17 Azuki, 5 CloneX, 2 Hedgies, and 33 Second Self. The threat actor also transferred other tokens like wrapped ether, Lido DAO Token, LooksRare, and DYDX. The cyberattacker’s wallet currently holds about 585 ETH ($1.7 million); the hacker may still be moving funds.
This isn’t the first attack against a high-profile crypto investor and likely won’t be the last.
In January 2022, North Korean hackers stole large amounts of cryptocurrency from firms like Digital Currency Group. Details are still emerging about this most recent attack. Cheong says that he will contact those who purchased his stolen NFTs sometime soon.
Social engineering and spear phishing
The hacker targeted Cheong in a spear phishing email that he thought came from a company DeFiance Capital invested in. Within the email was a shared document called “A Huge Risk of Stablecoin (Protected).”
Cheong clicked on the attachment, downloading malware and giving the hacker access to his wallet.
Social engineering is the art of manipulating human psychology for one’s own gain. It is often used in phishing email attacks because it focuses on the weakest link within any organization: human error.
Spear phishing is targeted and personalized, often fixated on a specific person or specific group of people. In this case, the email was geared to Cheong, who unfortunately fell for the scheme.
Cheong later discovered that an advanced persistent threat (APT) group, BlueNoroff, was likely responsible. The group is known for its social engineering tactics. No attack by BlueNoroff is known against healthcare, but that doesn’t mean it hasn’t happened or won’t happen.
Spear phishing, healthcare, and cybersecurity
Cybercriminals target the healthcare industry, with its rich protected health information (PHI), because it is smart business. And given the tired, stressed staff in most healthcare organizations, they know that an email scheme more than likely works.
In 2015, an Anthem Inc. employee fell for a spear phishing email. The healthcare organization ended up paying $16 million in HIPAA fines and $115 million to a class-action lawsuit. And Anthem continues to face issues and penalties.
Rather than deal with such costs, organizations must utilize strong cybersecurity, such as employee awareness training, from the start. And given the continuous use of phishing, especially against covered entities, they also need a solid email security program.
This means employing access controls (e.g., multi-factor authentication) and data loss prevention (DLP) rules. Moreover, it means using email filters, firewalls, and antivirus software.
And it also means ensuring end-to-end email encryption.
Paubox Email Suite Plus—defend your email
Spear phishing can and should be blocked with a strong defense system like that offered by Paubox Email Suite Plus.
Our HIPAA compliant email solution impedes such techniques as spoofing and provides up-to-date protection with ExecProtect. It also delivers robust inbound security with our Zero Trust Email feature. Zero trust adds phishing, spam, virus, and ransomware defenses to stop threats before they even reach an inbox.
Paubox Email Suite Plus lets healthcare providers send encrypted email. There is no need for a patient portal or extra login to safely communicate. In fact, Paubox seamlessly integrates with popular email providers such as Google Workspace and Microsoft 365.
Hackers and APTs use phishing to access a system and steal, encrypt, or destroy information. For healthcare organizations tasked with caring for patients and safeguarding PHI, a breach could be the difference between life and death.
Rather than let this happen, organizations must understand all risks and how to mitigate them. And in this case, always think about the email you received before you click.