Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering a wave of web-bot and social engineering attacks, and customer account takeovers. Powered with Group-IB’s solution for online fraud prevention Secure Portal, the platform has managed to fight off over 220,000 requests from web-bots in just two months, shielding its 4.5 million customers against possible attacks. The figure suggests that bitcoin platforms remain of great interest to threat actors.
Cryptocurrencies, in general, are the apple of cybercriminals’ eye: Group-IB has alerted cryptocurrency holders to various scams on numerous occasions: fake giveaways, non-existent cryptocurrency investment platforms, as well as personal data-exposing schemes, have found hundreds of thousands of people as their victims.
The scope of online threats that Paxful faced before acquiring Secure Portal ranged from social engineering attacks to customer account takeover, which is not surprising given the popularity of cryptocurrencies. But it was the detection and prevention of bad bot activity that pushed Paxful to adopt an additional layer of cybersecurity and resort to Group-IB. Bots, which are reported to generate about a quarter of global Web traffic, are de facto programs that emulate the actions of a real device for the purposes needed. They are a big headache for eCommerce businesses today, with cybercriminals using them to steal money, brute-force user credentials or carry out DDoS attacks.
The brute-forcing of user credentials was the case with Paxful. To successfully thwart bad-bot activity, Group-IB Secure Portal creates a unique fingerprint of a device that is based on over a dozen of indicators and metrics, including info on the user-agent, platform, operation system, the time zone from which the user operates, device language, and others. Based on this fingerprinting and behavioral analysis, Group-IB Secure Portal identifies and issues an alert for any suspicious activity in real-time, after which this detection is used by Paxful to block bad bots.
Trojans, an instrument that is currently regaining momentum under the malware-as-a-service model, have also been spotted in the attacks on the marketplace: Group-IB Secure Portal has identified at least 1,200 user devices infected with Trojans. The detection of malware is considerably facilitated by the fact that Secure Portal is fueled by the information on threat actors, different malware strains’ behavior, malicious IPs and compromised data, such as login credentials or bank card data, from Group-IB attribution-based Threat Intelligence, a proprietary system that holds the most up-to-date data on advanced attackers and their TTPs.
Group-IB Secure Portal also managed to identify over 100,000 accounts with three or more logins from the same device. Some of these accounts were simply compromised, others were used to boost rank on the platform for further fraud activity or were just resold.

Dmitry Moiseev
Chief Information Security Officer at Paxful
With the deployment of Group-IB Secure Portal, Paxful is now even better equipped to mitigate fraud and prevent digital crimes well before they are even close to affecting the company’s multimillion customer base.

Nicholas Palmer
Director of International Business Development