Source: https://cobaltstrike.net/2022/02/26/530338-php/
An employee of the 2gether cryptocurrency exchange was found guilty of stealing $7 million from the company. He downloaded a pirated movie in which the malware was hidden. The malware penetrated the exchange’s systems and allowed the hacker to steal more than $7 million in BTC and ETH.
As reported in the official statement of the Spanish police, the team of the Cybercrime Department arrested five people suspected of hacking.
Although the investigation and arrests took place this week, the attack on the Madrid startup 2gether, specializing in the purchase, sale and storage of cryptocurrencies, occurred at the end of July 2020. During the operation called 3Coin, the police discovered that the attackers used a computer virus such as a Remote access Trojan (RAT) to access the internal network of 2gether. Although the employee gave hackers access to the company’s network, the attackers spent about six months analyzing the exchange’s activities before committing the theft.
“As soon as they learned all the procedures, characteristics and structure of the company, hackers gained access to the system using a connected computer network to initiate the transfer of assets to a wallet controlled by them,” the police said in a statement.
During the investigation of the company’s computers, the police managed to identify the operator of the website that controlled the malware. Subsequently, investigators found four more people who allegedly got part of the stolen cryptocurrencies.
The 2gether hack affected about 5.5 thousand users trading on the platform. The company had to face several complaints from victims and even an attempt at a class action.