A threat actor claims to be selling unauthorized access to a cryptocurrency platform, presenting a significant security concern for the platform’s users and administrators.
The advertised access includes:
- System Administrator Panel: Full access to the platform’s administrative panel, granting extensive control over platform operations.
- RDP via VPN: Remote Desktop Protocol access facilitated through a Virtual Private Network, potentially allowing remote control over system devices.
- Device in the Domain: Access to a device within the platform’s domain, suggesting a deep penetration into the platform’s infrastructure.
- User Database: View-only access to the user database, including user portfolios, email addresses, phone numbers, and other sensitive information.
The security measures currently in place include VPN, Two-Factor Authentication (2FA), and ESET antivirus protection. The threat actor notes that while the access allows for extensive viewing capabilities, further escalation is required for direct withdrawal of funds or assets. However, specific details regarding these escalation procedures are reserved for private discussions with potential buyers, particularly those with high ratings or credibility.
In a bid to reassure prospective buyers, the threat actor offers Garant-Escrow services, providing a layer of protection for transactions. The price tag for this illicit access is set at $50,000, emphasizing the perceived value of such unauthorized entry into a crypto platform.
This situation underscores the critical importance of robust cybersecurity measures in the cryptocurrency industry, as unauthorized access and potential data breaches can have severe consequences for both users and platform operators.
