It was announced on the 7th that Binance, one of the world’s largest cryptocurrency exchanges, had suffered a cyber-attack that saw 7000 Bitcoin stolen, the equivalent of £31 million.
The company have been open about the hack. CEO Zhao Changpeng released a statement on the company’s blog disclosing the event fully.
“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks.”
The attack was clearly well organised and targeted.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
The Bitcoins were stolen from a ‘Hot Account’ containing only 2% of the company’s holdings. A ‘Hot Account’, compared to a ‘Cold Account’, is connected to the internet.
Zhao is confident that the missing funds will not fundamentally affect the company, explaining that the funds are protected via the company’s ‘Secure Asset Fund for Users’ (SAFU), a cold account that collects 10% of all trading fees as an insurance policy for users.
Click here to see the public ledger showing the fraudulent transactions.
Deposits and withdrawals from the exchange have been halted for a week although trades are still being allowed during this time.
Zhao explained that withdrawals and deposits will be back online when “all traces of the hackers in accounts and data have been cleared”.
It sounds like Binance, unlike Mt Gox, will live on.
Mt Gox, a Bitcoin exchange based in Tokyo, Japan, filed for bankruptcy in 2014 after 850,000 Bitcoin was stolen from a hot wallet. This is equivalent to around $473,000,000, although $116,000,000 was recovered.
Phishing and Stolen 2FA, API Codes.
An important fact to be aware of is that the hackers managed to obtain 2FA codes which were then used to access accounts. It sheds light on the vulnerability of 2FA codes for users everywhere. Whilst the average user of 2FA may be astonished to find that a hacker could steal a 2FA code and use it to access an account, it absolutely can happen. The reality is that 2FA codes aren’t 100% secure and can be phished.
A report on Google came out in 2018 from a well-respected security journalist explaining how the company had neutralised phishing account takeovers for all of its 85,000 employees. This was the result of a new internal policy that required employees to use security keys instead of passwords and 2FA codes.
It’s something to consider.
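Why a 2FA code can be phished while a security key resists it, as an added example that is not part of the original article and is not Binance's or Google's code. It assumes the codes are time-based one-time passwords (RFC 6238); the HMAC standing in for the key's public-key signature, the secrets and the `.test` origins are constructed for illustration.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a function of the shared secret and the clock only."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    # Nothing in the code names a site, so the server cannot tell where it was typed.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def key_sign(key: bytes, challenge: str, browser_origin: str):
    """Security-key side (simplified): the browser, not the user, supplies the origin."""
    client_data = json.dumps({"challenge": challenge, "origin": browser_origin}).encode()
    # Assumption: HMAC stands in for the key's public-key signature.
    return client_data, hmac.new(key, client_data, hashlib.sha256).digest()

def verify_key_login(key, client_data, sig, challenge, expected_origin) -> bool:
    expected = hmac.new(key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False  # client data was altered after signing
    data = json.loads(client_data)
    return data["challenge"] == challenge and data["origin"] == expected_origin

# Constructed sample values, not taken from the incident.
SECRET = b"12345678901234567890"          # RFC 6238 test secret
KEY = b"constructed-demo-key"
REAL = "https://exchange.example.test"
LOOKALIKE = "https://exchange-login.example.test"

def demo() -> dict:
    code = totp(SECRET, 60)                # user reads the code at t=60
    real = key_sign(KEY, "nonce-1", REAL)
    fake = key_sign(KEY, "nonce-1", LOOKALIKE)
    return {
        # Same 30-second step: the code verifies no matter which page collected it.
        "totp_entered_elsewhere": verify_totp(SECRET, code, 75),
        "totp_next_step": verify_totp(SECRET, code, 95),
        "key_real_origin": verify_key_login(KEY, *real, "nonce-1", REAL),
        "key_lookalike_origin": verify_key_login(KEY, *fake, "nonce-1", REAL),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The server-side origin check is what a look-alike page cannot satisfy: the signed origin is the one the browser actually loaded, so the assertion fails at the real site.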