Crooks using hacked Microsoft email accounts to steal cryptocurrency

Microsoft email accounts hijacked last month are being used by criminals to steal cryptocurrency.

Motherboard reported attacks on Microsoft emails earlier in April that allowed hackers to read users’ content. It found several victims this week who said that the attackers had used their email to compromise their cryptocurrency exchange accounts and empty their funds.

One such victim, Jevon Ritmeester, claims to have lost just over one bitcoin as a result of the hack after its perpetrators compromised his account at cryptocurrency exchange Kraken.

Posting in the Tweakers technology forum last week, Ritmeester said:

On 08-04 I wanted to see the status of my cryptos. I don’t watch every day, sometimes I don’t even look for months. [Text translated]

When he checked his account, he found that his Kraken password no longer worked, and saw no emails in his Outlook inbox. He only found the telltale password reset emails when he looked in his trash folder.

The criminals had requested a password reset and then hidden the confirmation emails from him by creating an email processing rule. If the rule found specific text in incoming emails, it would forward them to the attackers’ address before deleting it from the local mailbox. That allowed the criminals to reset Ritmeester’s password and empty his account.

Other users on Reddit claimed that the same thing had happened to them. One, Jefferson1337, said that they had lost about $5,000 in cryptocurrency.

Earlier last month, Microsoft confirmed to TechCrunch that some email accounts had been compromised after hackers accessed one of its customer support accounts. According to reports, the hackers could access any email account as long as it wasn’t a corporate-level one.

The software giant had noticed the attack of the end of March. The compromise enabled the criminals to access the content of some Outlook, Hotmail, or MSN accounts.

Several victims, including Ritmeester, suggested that legal action might be appropriate against Microsoft given the financial losses.

Reddit user shinratechlabs said:

For real do I have recourse against Microsoft? I am sure I am not the only one. Crypto users were targeted.

The take away for Naked Security readers is that it is better to rely on multiple forms of protection to secure your online accounts.

Ritmeester used strong, unique passwords which he kept in a password manager, but he didn’t use the 2FA protection that Kraken supports. This left him open to an email hack that was outside his control. He said:

Unfortunately I didn’t have 2FA on because I was under the assumption that all my accounts were well protected by unique and long passwords. I still think this is true, but this Microsoft leak came from within. It is an expensive but wise lesson that despite good passwords, 2FA is the only way to properly secure your accounts. [Text translated]

For cryptocurrency users in particular, another takeaway is that leaving funds unmonitored for a long time in an exchange account as opposed to a secure wallet increases your attack surface, making you vulnerable to account hacks.