Latest Stories
  1. [ANN] Bitcoin Luminary (BTCLM)| Revealing the Next Chapter in Crypto Speed
  2. And down
  3. Nepal's Hydro Power and Cool Climate for Bitcoin Mining: A Path to Economic Growth
  4. #1681 Die deutschsprachigen Steem- & Kryptoartikel des heutigen Tages (Montag, 06.05.2024) - Mit Gew...
  5. [ANN] TonGaming - P2E Gaming Experience with on TON Blockchain & Telegram
Exchanges

Binance Hacked Out of $40 Million

from Trust Nodes     0  1171
Binance Hacked Out of $40 Million

Binance has experienced a sophisticated attack of user accounts through phishing, viruses and other malware, with 7,000 BTC withdrawn from their hot wallet by hackers.

Changpeng Zhao, Binance’s CEO, said the system was unable to detect the illicit withdrawal, but they are able to cover it from the Safu fund.

Binance launched the Secure Asset Fund for Users (SAFU) in July last year which allocates 10% of trading fees to the fund.

Zhao said they will now halt deposits and withdrawals for a week as they will try to clear up all accounts that might be affected.

He suggested users reset two factor authenticators (2FA) and change their API private keys.

“We must conduct a thorough security review,” Binance said. “The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress.

Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time… We will continue to enable trading, so that you may adjust your positions if you wish.”

Changpeng Zhao said, after users suggestions, their team was considering a re-org by making a transaction with a huge fee of 7,000 BTC. That would effectively take the funds from the hackers and would give it to miners with Binance still losing 7,000 BTC either way.

It might have deterred other hacks, but something like that would probably only work if it was minutes after the attack. Zhao thus decided against it, stating:eval(ez_write_tag([[300,250],'trustnodes_com-medrectangle-4','ezslot_1',169,'0']));

“After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach. Considerations being:

Pros: 1 we could “revenge” the hackers by “moving” the fees to miners; 2 deter future hacking attempts in the process. 3. explore the possibility of how bitcoin network would deal with situations like these.

Cons: 1 we may damage credibility of BTC, 2 we may cause a split in both the bitcoin network and community. Both of these damages seems to out-weight $40m revenge. 3 the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before.

Cons: 4 While it is a very expensive lesson for us, it is nevertheless a lesson. it was our responsibility to safe guard user funds. We should own up it. We will learn and improve.”

Binance makes about $60 million in profits per quarter. Presumably that’s in addition to the 10% sent to the Safu fund. $40 million, therefore, although it is quite a lot in normal circumstances, it is arguably a small amount for an exchange with these levels of profit.

It’s long been suggested these sorts of hacks are just a cost of business with the best practices of cold wallets, hot wallets, and an insurance fund (safu) utilized here.

eval(ez_write_tag([[300,250],'trustnodes_com-box-4','ezslot_2',171,'0']));Some suggest such hacks shouldn’t be announced at all if they can be covered through funds, but here Binance went down for unscheduled maintenance with people noticing the 7,000 BTC withdrawal.

It’s unclear why the system was unable to catch the unusual activity, but had it been one 7,000 BTC withdrawal, obviously there would have been more checks.

Here, it seems the hackers have made it appear like it is just normal activity with users withdrawing. It just so happens to be at the same time.

The system didn’t catch it because it looks like the hackers have been learning about the system.

In March 2018, Binance managed to trap hackers who like here had accumulated many account credentials through phishing and so on.

It’s unclear whether that was passed on to law enforcement, but in July again there’s an attempt, this time through API keys, hence the Safu fund is launched.

It was perhaps always a matter of time, but arguably the system could have been designed better. You’d think a bot could have raised a flag after seeing $40 million in total was being requested for withdrawal at the same time.

Presumably that rarely, if ever, happens naturally and even if it does, some little inconvenience during a false flag might be a small price to pay presuming it would be in rare instances.

If the hackers have been studying the system, however, you’d think they would find some hole somewhere eventually. Hence usually hot wallet hacks are considered a matter of when, not if.

That said, the industry, at least in the west, is getting a lot better. Such hacks used to be far more common. Now we can’t recall the last time it happened for a prominent exchange.

In Asia, such hacks have been a lot more common presumably because they had to learn the same lessons with it unclear whether exchanges share best practices with each other. Something which itself could potentially be a security loophole, hence making it difficult to do so.

With time, however, best practices develop somewhat naturally with the lesson in this case very clear: add a fuse to check surges.eval(ez_write_tag([[250,250],'trustnodes_com-large-leaderboard-2','ezslot_3',177,'0']));

Copyrights Trustnodes.com

Propose a new tag
Editor's Choice
Why LINK could give investors a run for their money in the coming days
Altcoins

Why LINK could give investors a run for their money in the coming days

Can the stars tell you what ChatGPT’s Bitcoin price predictions couldn...
Market Analysis

Can the stars tell you what ChatGPT’s Bitcoin price predictions couldn...

Cardano [ADA] retests Q1 price ceiling- Will bulls go forth? 
Altcoins

Cardano [ADA] retests Q1 price ceiling- Will bulls go forth? 

Joseph Ziolkowski – RELM – The Smart Economy Podcast: Episode 35
Altcoins

Joseph Ziolkowski – RELM – The Smart Economy Podcast: Episode 35

Metacade’s Highly Anticipated MEXC Listing Confirmed For 4th May
Exchanges

Metacade’s Highly Anticipated MEXC Listing Confirmed For 4th May

Bitcoin Price Prediction May – Could These 6 Cryptos Provide 50X More...
Bitcoin

Bitcoin Price Prediction May – Could These 6 Cryptos Provide 50X More...

AI-powered education: how BeNFT Solutions is creating the jobs of the...
Blockchain

AI-powered education: how BeNFT Solutions is creating the jobs of the...

Tether [USDT] – Now that the DDoS attack is behind it, here’s the post...
Institutional

Tether [USDT] – Now that the DDoS attack is behind it, here’s the post...

Silicon Valley wants to introduce metaverse standards
Blockchain

Silicon Valley wants to introduce metaverse standards

Mortgage giant Sun West Up to give away 5 ETH as they introduce blockc...
Fintech

Mortgage giant Sun West Up to give away 5 ETH as they introduce blockc...

Ethereum (ETH) with double-digit price growth
Ethereum

Ethereum (ETH) with double-digit price growth

Neo News: Week in Review – June 20 – June 26
Altcoins

Neo News: Week in Review – June 20 – June 26

The $100 Trillion Market, Can Crypto Handle It?

The $100 Trillion Market, Can Crypto Handle It?

Why is Bitcoin falling if it’s a ‘Safe Haven’ asset

Why is Bitcoin falling if it’s a ‘Safe Haven’ asset

Rumor mill circulating news of a possible link between Takung Art Co L...
Market Analysis

Rumor mill circulating news of a possible link between Takung Art Co L...

Wallstreetbets and hedge funds put on blast as day trading retail apes...
Market Analysis

Wallstreetbets and hedge funds put on blast as day trading retail apes...

Support this Site
Try the Brave Browser
Try the Brave Browser

Share your thoughts, add a comment!

You must be logged in in order to place a comment.

Article comments

Loading...
No comments yet, be the first to comment this article