Cybercriminals are running an online competition offering big prizes to anyone who believes they have found an unusual way to help crooks steal cryptocurrency.

As security researchers at Intel471 describe, an underground cybercrime forum popular with cybercriminals has issued a call for papers that will describe “unorthodox ways to steal private keys and wallets, unusual cryptocurrency mining software, smart contracts, non-fungible tokens (NFTs) and more.”

It sounds very similar to the type of call-for-papers made in the run-up to a big cybersecurity conference, but this is being run for the benefit of criminals not for bettering the security and privacy of computer users.

The likes of the RSA Conference brings researchers together from around the world, in their search for new methods to detect and protect against attacks. A contest like this run by a cybercrime forum aims to do the opposite.

A prize fund of $100,000 was announced for those who win the competition, with an additional $15,000 being offered by a member of the forum.

According to researchers, malicious hackers have been busy submitting their “papers”. Amongst those already seen are descriptions of how to create a phishing site that can steal the keys to a digital wallet, and ways in which the APIs of cryptocurrency-related services can be manipulated to reveal sensitive information.

In an ideal world you would like to imagine that anybody who uncovered a security hole would report it to the service, with a thought of possibly receiving public thanks or even a bug bounty.

However, the explosion of interest in cryptocurrency and NFTs has clearly not gone unnoticed by cybercriminals who are looking at opportunities to steal from organisations and individuals who have not taken adequate measures to defend themselves.

No doubt some bug hunters who would have been nervous about (Read more...)