Hackers Break into Email and Telegram Accounts of 20 Israeli Crypto Executives

Cybersecurity firm Pandora recently said that hackers used an SMSC spoofing attack to target 20 Israeli cryptocurrency executives and log into their email and Telegram accounts.

Hackers target crypto executives

In September, hackers were able to get access to the email and Telegram accounts of 20 cryptocurrency executives from Israel. They demanded payments in digital currencies from these executives.

An Israeli news source, Haaretz reported that the cyberattack did not lead to loss of funds but the attacks could have been carried out by a state-sponsored team. Haaretz said that the failed attack also included a major telecom company, a cybersecurity firm called Pandora, and “perhaps even the Israeli Shin Bet,” referring to the Israel Security Agency, an internal security service. Mossad and the National Cyber Security Authority of Israel were also involved in the investigation.

How did the attacks happen?

On September 7^th, Pandora Security’s co-founder Tzahi Ganot said that it was approached by a “new client.” The client claimed to be the deputy chief financial officer of a company. He said that his mobile was hacked in the night and his Telegram accounts and other accounts were hacked. The hackers had sent messages to his contacts from his Telegram account and asked people to send cryptocurrency.

Ganot said that cryptocurrency hacks have become a common occurrence but for a hacker to get inside someone’s Telegram account is uncommon. Ganot said that he was flooded with messaged about similar hacks on the next day. He noted that the hackers managed to breach into the accounts of 20 executives from Israel who worked as CEOs or vice-CEOs of digital currency firms. They were all clients of Partner, an Israeli telecom company.

Several executives got their Telegram accounts hacked while others had their Gmail and Yahoo accounts compromised. The hacker was able to exploit the SMS user verification system to log into their devices. This system is used by several services, including Telegram. The messaging service users can use a temporary SMS code to log into their accounts in case there is a problem. Hackers exploited this service to gain access to user accounts.