Dark web contest posts $115K bounty for next big crypto hack

Fake blockchains, botnets, and manipulated APIs are just some ideas put forward in a contest to find the dark web's next top crypto hacker.

Fake blockchains, botnets, and manipulated APIs are just some of the ideas would-be cybercriminals have pitched in a competition to find the next big crypto hack.

The contest — hosted by a top Russian-language dark web forum — has for the past few weeks scoured the hacker community for the most imaginative ways to steal or disrupt crypto private keys, smart contracts, and even NFTs.

If becoming the next big thing in the world of crypto crime isn’t enough, the best ideas stand to win a share of $115,000, reported Hacker News.

According to the outlet, members of the forum are can vote on their favourite submission.

Frontrunners so far are a dodgy blockchain site that captures sensitive information and a plan to boost hashrates of mining farms and botnets.

Crypto hacker ecosystem is cybersecurity’s evil twin

Cybersecurity outfit Intel 471 first broke word of the competition earlier this week. It’s scheduled to run until September 1.

In an interview with Protos, Intel 471 chief information security officer Brandon Hoffman said such contests point to maturing in the cybercrime world.

Hoffman suggested they pose a very real threat to crypto traders and companies.

“It’s quite telling how advanced and business minded the cybercrime community has become,” said Hoffman.

Hoffman noted the crypto hacking community is “clearly mimicking” the cybersecurity industry.

“Instead of finding methods to detect and prevent, they’re doing the polar opposite. There is a good chance that at some point in the future something submitted in a contest like this will get fully developed and weaponized.”

On ransomware, why are things so bad? h/t @ciaranmartinoxf
1) security posture of businesses making it too easy for the bad guys.
2) it's a profitable business model w/ low barriers to entry.
3) no meaningful consequences against the criminals or their hosts to date.
— Chris Krebs (@C_C_Krebs) June 3, 2021

Ransomware attacks are by far the most common kind of crypto-related hack in recent years.

Hoffman also explained how the industry has evolved. It’s become a fully-fledged economy of service providers, product designers and creators, financiers, brokers, marketplaces, infrastructure providers, and researchers.

And given the planning and refinement, it’s only natural organizers of these contests will be looking for very specific ideas.

“While not commonplace in a contest like this, the most worrying submissions would be those designed to simply create destruction,” said Hoffman.

“Fortunately, these submissions are not common and most here will be designed for financial gain.”

Black hats give white hats a chance

Hacking contests are a fertile breeding ground for the next wave of devastating crypto explots. But fortunately, they also provide good guys an opportunity.

“Observing these activities provides unique insight into the areas of technology that criminals are investigating for exploitation,” Hoffman told Protos.

“And while there is no way to directly link this research to the next wave of activity, it would be a good idea for defenders to take note of these areas and to place them on their radar.”