The post Stolen crypto data is sold on the dark web for $105 appeared on BitcoinEthereumNews.com.
Stolen crypto accounts sell on the dark web for an average price of $105. The data is collected from phishing attacks and is considered the first step in a complex supply chain of thievery. The price of a single crypto account ranges between $60 and $400, according to SecureList. Hackers capture crypto data, monetize it immediately, or keep it in a database. The final destination depends on the type and quality of the captured data. How stolen crypto data leaves phishing sites The captured crypto data leaves a phishing page in three ways: email delivery, Telegram bot delivery, or admin panel upload. The attackers also abuse legitimate services to hide their activity. These include Google Forms, Microsoft Forms, GitHub, Discord, and other similar platforms. In email delivery, the data is collected from fake HTML forms and then sent to a server-side script, usually PHP. The script then forwards the stolen details to an attacker-controlled email address. A phishing kit has a file to host the fake login page, a script to process the form, and a third file containing the attacker’s email address. However, email delivery is declining because of delays, provider blocking, and poor scalability. Instead of email, many kits now send data directly to Telegram bots. The malicious script calls the Telegram API using a bot token and chat ID. Sometimes the API call is embedded directly in the HTML code. Telegram has become a preferred channel for hackers. Stolen data arrives instantly. Operators get real-time alerts. Bots are disposable and hard to trace. And hosting does not matter much. Advanced attackers prefer admin panels. They are part of a framework or a skeleton that captures crypto data and sends it to a database. The attacker manages the data via a web interface. Admin panels provide live stats…