A darknet forum hacker user known as ‘Dementorfraud’ is selling unauthorized access to an undisclosed Brazilian currency exchange for $15,000. The cyberattack echoes similar incidents in the financial sector, including the 2020 Travelex breach and other major cryptocurrency hacks, highlighting the increasing trend of cyber threats to financial institutions.
News of a Brazilian exchange cyberattack has come to light on the darknet forum, with a user offering unauthorized access to the exchange site for a price tag of $15,000. The offer was posted on a dark web forum on Monday, February 26th, 2024.
A dark web user that goes by the vendor name of ‘Dementorfraud’ is allegedly selling access to an undisclosed Brazilian currency exchange. However, the threat actors provided some information into the compromised exchange site.
The threat actor’s post read
“Selling access to a Brazilian currency exchange. The company sends a cache by mail. Inside the log: huge databases, selfies, selfies with documents, and most importantly- the ability to send the cache to your drops (up to $10k per sending) The log implementation depends only on your imagination.”
Little is known about the identity of Dementorfraud, except the actor recently joined the dark web forum in January 2024. However, there is speculation that the actor is part of a larger cybercriminal organization targeting financial institutions’ databases.
The cyberattack on the undisclosed Brazilian currency exchange is one of many attacks witnessed by cryptocurrency exchange platforms and financial institutions. In recent months, Clop has been the most active ransomware group to targeting financial institutions and financial services.
Moreover, the US Federal Reserve’s Cybersecurity and Financial System Resilience report cited ransomware-as-a-Service (RaaS) and sophisticated Distributed Denial of Service (DDoS) attacks as the biggest threat to financial institutions operational and databases.
Last year, the ransomware group gained access to over 10 financial institutions’ databases with the GoAnywhere attack. Among the 10 financial institutions are Deutsche Bank, Post Bank, and ING Bank. However, it remains unclear as to who orchestrated the attack against the Brazilian currency exchange.
Potential Impact of the Cyberattack
In 2022, the financial sector recorded the second-highest number of reported data breaches with institutions in the U.S., Argentina, Brazil, and China being the main targets. According to statistics, finance and insurance organizations reported over 566 breaches with over 254 million leaked records.
Ransomware attacks on financial institutions saw an increase from 55% in 2022 to 64% in 2023. The data breaches cost the financial sector an estimated $5.9 million, the second highest cost amongst all sectors.
The cyber attack incident on the Brazilian currency exchange replicates a similar incident in 2020, which impacted Travelex, a renowned foreign currency exchange. In the official reports, the currency exchange reported severe operational and reputational damage due to the cyberattack.
Threat actors managed to disrupt and seize the currency exchange’s website. The breach forced the institution to resort to manual processes. The attackers demanded the sum of £4.6 million from Travelex to restore daily operations. However, the incident left the currency exchange in disarray and tarnished its reputation.
Similarly, the cryptocurrency industry also experienced its fair share of high-profile cyberattacks. In March 2022, the Ronin Network was targeted by the North Korean state-backed Lazarus Group, who stole an estimated $625 million worth of Ethereum and USDC stablecoin.
Hey there, I’m a dark web geek who’s been around for the last 8 years. More precisely, I’m livedarknet’s senior content writer who’s been writing about darknet marketplaces, tutorials, and cybersecurity stuff for educational purposes.