Hackers Are Honing Their Skills – and Hedge Funds Are Their Target

August 9, 2022

Finance firms are 300 times more likely to be targeted by a cyberattack, and hackers are homing in on hedge funds.¹

Back in 2021, the FT ran a chilling article titled “The Anatomy of a Hedge Fund Hack”. The article took a forensic look into the complexity, tactics and tenacity of hackers, highlighting the threat now faced by smaller financial firms such as hedge funds, brokers and administrators, as well as by family offices and high net worth individuals.

Whilst large banks make attractive targets for hackers, they also have a vast budget for cyber security - making them a tough nut to hack!

Sadly, this is not the case for smaller hedge funds and financial firms, who handle large sums of money, but don’t have the vast resources or the funds to tackle operational security matters.

Hack 1. John’s story

John², a London-based private investor, was set to transfer €10m from his family trust when he realized he was at risk of falling victim to a sophisticated scam. A hacker spent two months impersonating one of John’s trustees in an attempt to trick him into diverting a standard loan repayment to a different bank account.

John was first contacted by the fraudster in 2021, posing as a trustee in a genuine-looking email. The fraudster had hacked John’s email accounts and was well-versed in the language of his various stakeholders, so there was not much to rouse suspicion. The hacker used a common technique called spoofing, where subtle changes are made to the sender’s email suffix that the target is unlikely to notice, even though the message comes from an entirely different source.

In this elaborate social engineering scam, about 30 emails were exchanged over a couple of months, where in some cases the hackers dropped in personal information only a trusted colleague would know. In one email, John questioned the fake trustee about the interest rate on the loan repayment. The hacker, who had already obtained a copy of the loan schedule, changed it and sent back the correct version.

After John had called his bank to make the loan payment, he called the real trustee by complete chance. It was then that he realized he had been the victim of a scam. He quickly called his bank, who were in the process of checking the exchange rate and so had luckily not yet made the payment. In this instance, no money was lost. In an effort to catch the criminals, the Met’s cybercrime unit, Liechtenstein police and Europol were involved. However, it is not clear whether any progress has been made on the case.

Hack 2. The Levitas Attack

Levitas, a Sydney-based hedge fund, fell for a more typical phishing attack but with devastating consequences.

In September, the co-founder of Sydney-based firm Levitas, Michael Fagan, clicked on a fake meeting invite that allowed a hacker to infiltrate Levitas’ systems and use Fagan’s email.

The hacker then sent fake payment instructions to a third-party vendor called Apex Fund Services. Apex was the fund administrator who held and distributed money for Levitas. Apex tried calling Fagan to check the payment, but was unable to reach him. However, after receiving confirmation from Fagan’s email — sent by the hacker — Apex sent an instruction to pay US$ 936,250 to a fake company called Unique Star Trading. Fagan accidentally discovered the scam after checking the company bank account almost two weeks after the phishing attack.

Had it been discovered a few days later, the loss could have been in the region of US$ 6 million, because if money goes out to a criminal account undetected, hackers come back for more, which is exactly what happened! Thankfully, they were unsuccessful in obtaining further funds. But for Levitas, the reputational damage was too great. The hack led Levitas’ largest client to withdraw its money, and the fund is now being liquidated.

What’s clear is that the array of third-party companies that hedge funds use, for instance trustees, administrators and auditors, increases the number of potential weak links in the chain that can be exploited to steal fiat or digital assets!

Theft of digital assets

It’s not just fiat money that hackers are after. Cryptocurrency-related crime totalled US$ 14 billion in 2021. And, with approximately one in three “traditional” hedge funds now investing in digital assets, there will always be a looming threat of cybercrime that needs to be both addressed and overcome. So what protection measures are available for hedge funds operating in the blockchain space?

What about insurance?

Whilst it’s become somewhat of a ‘cure-all’ security blanket for the modern world, insurance is only one part of a much more complex puzzle. The problem with crypto insurance – aside from it being costly, incomplete, and hard to get – is that it does nothing to prevent the theft in the first place.

The key is prevention!

Any business wanting to avoid the highly damaging reputational risk of being hacked will understand the importance of preventing that hack being carried out in the first place. The great news is, there are companies who you can outsource this risk to and protect your investors’ funds.

Coincover is one of those companies and probably the only technology in the world that can prevent your business and your clients from having their digital assets stolen. What’s more, Coincover has insured their theft prevention technology, so they could help investors to recover any preventable losses due to theft or hacking. However, the key distinction here is that prevention comes before cure – and the cure should only ever be the last resort.

¹ Financial Times 27th April 2021
² Pseudonym