ESET And Dutch Police Uncover Ebury Botnet’s Crypto Theft Operation

Crypto fraud Ebury botnet PeckShield
Last updated:
Author
Author
Jimmy Aki
About Author

Jimmy has nearly 10 years of experience as a journalist and writer in the blockchain industry. He has worked with well-known publications such as Bitcoin Magazine, CCN, and Blockonomi, covering news...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

Slovakian cybersecurity firm ESET and the Dutch police uncovered a major crypto theft linked to the notorious Ebury botnet last week. The botnet has compromised over 400,000 servers in the past 15 years, making it a major threat to the sector.

ESET explained in a May 14 report that the Ebury botnet incident was first uncovered during a 2021 investigation by the Dutch National High Tech Crime Unit (NHTCU).

Ebury Botnet Operators Used AitM Attack to Steal Funds

The operatives found that the cybercriminals had been involved in a series of crypto thefts, specifically targeting Ethereum and Bitcoin nodes. According to the Dutch police, Botnet operators steal assets from unsuspecting users’ wallets when they enter their credentials on the infected servers.

The Ebury botnet, active since at least 2009, is used to deploy additional malware, monetize the botnet (such as modules for web traffic redirection), proxy traffic for spam, perform adversary-in-the-middle (AitM) attacks, and host supporting malicious infrastructure.

Ebury botnet

AitM attacks involve intercepting and potentially altering the communication between two parties without their knowledge.

Between February 2022 and May 2023, the Ebury botnet compromised over 200 AitM attack targets across 75 networks in 34 countries. It stole cryptos, credentials, and credit card details, accumulating large sums of money over time.

The access enables them to steal funds directly from these wallets or use compromised systems to mine cryptocurrencies, siphoning off resources from unwitting victims. The botnet’s ability to stay undetected for long periods allows it to continue its operations, accumulating large amounts of cryptocurrency over time.

Crypto Theft on the Rise

The Ebury botnet’s ability to compromise many servers has created the go-to malware needed to facilitate large-scale cryptocurrency theft, which is already rapidly increasing.

Recall that PeckShield’s data shows that $336.8 million of crypto funds were stolen in the first quarter (Q1) of 2024. The Certik Hac3d Report also revealed that Q1 2024 recorded substantial losses, exceeding $500 million due to cryptocurrency theft, however. This figure marks a 54% increase compared to the same period in 2023, which saw losses of about $326 million.

Certik’s report highlighted that January 2024 was particularly severe, with $193 million stolen across 78 incidents. Private key compromises were especially notable, resulting in the loss of $239 million across just 26 incidents.

These breaches, targeting the unique keys that individuals use to access their cryptocurrency holdings, accounted for nearly half of all financial losses despite making up only 11.7% of all reported security breaches.

More Articles

Blockchain News
Indian Crypto Exchange Mudrex Halts Crypto Withdrawals, Faces Community Backlash
Sujha Sundararajan
Sujha Sundararajan
2025-01-13 07:00:10
Bitcoin News
JPMorgan CEO Jamie Dimon Compares Bitcoin to Smoking
Shalini Nagarajan
Shalini Nagarajan
2025-01-13 06:07:31
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors