AhnLab Security Center


Rise in Cryptocurrency Brings Collateral Damage


Only a short while after the hacking of the world's largest cryptocurrency exchange, phishing attacks disguised as a cryptocurrency exchange were confirmed in Korea, which is one of the most active markets for cryptocurrency. In August 2017, Korea ranked top for its trading volume of digital currency exchanges around the world. Given the high volume of trading, the attack is expected to cause huge repercussions.


The email used in this phishing attack is shown in Figure 1. It grabs the attention of the user with the subject and content stating, "Withdrawal Confirmation" in Korean. The attacker illegally uses the name and logo of the Coinone, which is the most well -known cryptocurrency exchange in Korea to avoid the user's suspicion. If a user clicks the button marked in red below, he or she is directed to a phishing site disguised as a cryptocurrency exchange.



[Figure 1] Spam email in Korean, impersonating a cryptocurrency exchange


The page is cleverly disguised by using a domain similar to the actual exchange. As shown in Figure 2, the phishing site induces a user to login and when the personal account information is entered, it is transmitted to the attacker. This leaked information can lead to direct damage, such as monetary loss and also to secondary damage providing account information to access other websites.



[Figure 2] The phishing website disguised as Korea's cryptocurrency exchange


Attackers make bad use of popular trends. As cryptocurrency issues are rocketing closely related to economics, such as investments, attacks are expected to rise. To prevent damages from such attacks, extra cautions are required for users.