BREAKING: Binance HACKED!


Yesterday, May 7, Binance, one of the largest cryptocurrency exchanges by trading volume, experienced a security breach. The exchange was hacked and the hackers got hold of approximately 7,070 BTC.

Hackers Obtain User Data

Binance CEO Changpeng Zhao (CZ) immediately published a report on Binance’s blog explaining that the hackers were able to obtain a large number of user API keys, 2FA codes, and other information. He stresses that the hackers possibly used various techniques, including phishing and virus attacks. He also says that the hackers might have used several other techniques, and that additional user accounts might still be affected.

It looks like the hackers used only one transaction to transfer the stolen 7,070 BTC. CZ says that the hackers impacted only the hot wallet storage, which accounts for roughly 2% of Binance’s total BTC holdings. All of Binance’s other wallets are safe and intact, says CZ.

Well-orchestrated actions and patience

CZ claims that the hackers had the patience to wait and execute “well-orchestrated actions through multiple independent accounts at the most opportune time”.

“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” reads the report.

A few tweeters got hung up on the phrase “The transaction is structured in a way that passed our existing security checks…”, speculating that this might be an inside job.

Binance will use the SAFU fund to cover losses

On July 3, 2018, Binance announced its Secure Asset Fund for Users (SAFU). Binance created the fund to protect the interests of all Binance users in the future, and it allocates 10% of all trading fees to it.

However, many industry professionals and projects related to Binance have shown their support by offering to pay the 7,070 BTC to Binance. For example, Justin Sun, the CEO of TRON, personally offered to deposit 7000 BTC on Binance to purchase BTC, BNB, TRX, and BTT. A few tweeters interpreted this as “openly admitting to market manipulation”.

Nevertheless, Binance will lock all deposits and withdrawals for a whole week while it conducts a thorough security review. CZ says that they have to go through their systems and data “which is large”. Trading, however, will remain live.

Suggestion to “rollback” Bitcoin

In the early hours of this incident, Jeremy Rubin (@JeremyRubin) suggested that CZ roll back Bitcoin in order to recover the lost funds.

CZ did a livestream explaining everything that had happened, and in this livestream he discussed the “rollback” option.

Udi Wertheimer posted a thread on his Twitter profile explaining why this is outright nonsense.

He says that this would cost more than the actual hack and could put more large transactions at risk of being double-spent. Also, many other exchanges might be impacted, and this could “hurt” Bitcoin’s credibility. Wertheimer explains that a day of mining costs 1,800 BTC. Most importantly, he said that “this is no Binance chain with CZ signing all the blocks”. An actual attempt to roll back Bitcoin would affect many miners and the whole Bitcoin ecosystem in general. In any case, CZ dismissed the idea rather quickly.

The BitMEX Research Twitter profile posted a 2016 Reddit thread in which a rollback was discussed after hackers stole around 120,000 BTC from Bitfinex. In this thread, users comment on the potential negative consequences.

Wertheimer also pointed out that Binance had previously stated that holding assets on their exchange is as safe as being in possession of one’s own keys. Now we see that this statement is ridiculous and you should never store your assets entirely on an exchange. Even “SAFU” won’t help.

Source:

https://www.binance.com/en/support/articles/360028031711
https://www.binance.vision/glossary/secure-asset-fund-for-users


Cryptopia Hacked! Significant Losses!


Today, January 15th, Cryptopia, a New Zealand altcoin exchange, announced that yesterday, January 14th, they experienced a security breach. They claim that this breach resulted in significant losses. They haven’t yet specified how much the exchange has lost.

Website closed

[Image: Cryptopia home page]

After noticing this unusual activity, they put the website in “maintenance mode”. They noted that they will keep it that way, with trading suspended, until they resolve the issue. The staff also notified the appropriate government agencies, such as the NZ Police and the High Tech Crimes Unit.

The Cryptopia Exchange

Cryptopia was known as the altcoin paradise back in the day, but since Binance is now the undefeated leader, and legally a better choice, a lot of traders have moved away from the altcoin exchange to Binance. On coinmarketcap or coingecko, the last 24h volume is of course 0, because the exchange is down at the moment. However, Cryptopia has lots and lots of markets in which the expected volume is close to zero. Coinmarketcap says that Cryptopia has around 836 markets, but the last 300 or so have no volume.

[Image: Markets within Cryptopia. Source: coinmarketcap.com]

WhalePanda on Twitter pointed out that it is rather weird that this is happening during a bear market. Cryptopia lost its altcoin exchange title long ago and is now basically trying to stay alive. There are some rumors flying around that the theft could be around $2.5 million, but when looking at their recent market volumes, those numbers just do not line up. They would only line up if the exchange had a cold storage where it held all the investors’ funds, which doesn’t seem likely.

Also, this is the first hack of 2019.

Source:

https://goo.gl/U2XcDh
https://coinmarketcap.com/exchanges/cryptopia/
