Wed. Nov 20th, 2019

Ethical Hacking Playground

hacking is curiosity

Hackers Steal Around $41 Million from Binance Cryptocurrency Exchange


What is Cryptocurrency?

A cryptocurrency is a digital currency built with cryptographic protocols that make transactions secure and difficult to fake.

The most important feature of a cryptocurrency is that it is not controlled by any central authority: the decentralized nature of blockchain makes cryptocurrency theoretically immune to the old ways of government control and interference.

Cryptocurrencies make transactions easier to conduct: transfers are simplified through the use of public and private keys for security and privacy. These transfers can be done with minimal processing fees, allowing users to avoid the steep fees charged by traditional financial institutions.

 

The Hack

The hackers used a variety of common techniques, including phishing, viruses and other attacks. The hackers had the patience to wait and execute a well-organised attack through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that it passed our existing security checks.

Zhao says the company will conduct a security review of all its systems and data, which he expects to take about a week. In a surprising move, Binance will continue to allow trading during that time—even though hackers may still control some high-net-worth accounts—though it will disable deposits and withdrawals until it’s sure the hackers are accounted for.

“Binance knows that they lost user credentials, that their users’ 2FA got compromised, they do not know the exact extent of the attack, yet they keep trading going,” says Emin Gün Sirer, a computer scientist and codirector of Cornell University’s Initiative for Cryptocurrencies and Contracts. “This is a huge risk. Anyone can take highly risky positions, and if the trades turn sour, they can claim that it wasn’t them, they were compromised by the hack.”

 

Who Got Affected?

Good question! Binance itself isn’t clear on the scope of the breach. The bad news is, if your bitcoin was in Binance’s hot wallet, it now belongs to bad guys. The good news is that $40 million comprises only 2 percent of Binance’s overall bitcoin holdings. The even better news is that the company will cover the losses out of its Secure Asset Fund for Users.

Binance traders generally will also be affected, both because they won’t be able to deposit or withdraw their digital money and because, as Sirer notes, the uncertainty of who exactly is participating in those markets could lead to some mayhem. “Hackers may still control certain user accounts and may use those to influence prices in the meantime,” writes Zhao. “We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”

 

How Serious Is This?

On the face of it, maybe not so bad. Forty million is a plenty big number, but it’s only a small percentage of Binance funds, and users will apparently get their money back.

But the fact that Binance can afford to take a mulligan doesn’t excuse what appears to be a devastatingly thorough hack. And it’s unclear whether the compromise of two-factor codes and API keys will have broader implications. Most of all, it’s the latest reminder that, for all the promise of cryptocurrency, it remains a Wild West for investors. If the price fluctuations don’t get you, a hacker, a fraud, or a scam is always just around the corner.

 




