IS ONE of the world’s biggest . As of Tuesday, it’s now also the scene of a major theft. In what the company calls a “large-scale security breach,” hackers stole not only 7,000 — equivalent to over $40 million — but also some user two-factor codes and API keys.
Theft has long been ; hackers stole more than $356 million from exchanges and infrastructure in the first three months of 2019 alone, according to a recent report from intelligence company Ciphertrace. But it’s less common to see an established exchange like get hacked — and for the attackers to get so much other information along the way.
The Hack
has been fairly forthcoming about the hack, detailing its impact in from CEO Zhao Changpeng. “The hackers used a variety of techniques, including phishing, viruses and other attacks,” wrote Zhao. “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.”
It appears that hackers were able to compromise several high-net-worth accounts, whose was kept in ’s so-called hot wallets — which, unlike cold wallets, are connected to the internet — and filch those funds in a .
Zhao says the company will conduct a security review of all its systems and data, which he expects to take about a week. In a surprising move, will continue to allow during that time — even though hackers may still control some high-net-worth accounts — though it will disable deposits and withdrawals until it’s sure the hackers are accounted for.
“ knows that they lost user credentials, that their users’ 2FA got compromised, they do not know the exact extent of the attack, yet they keep going,” says Emin Gün Sirer, a computer scientist and codirector of Cornell University’s Initiative for and Contracts. “This is a huge risk. Anyone can take highly risky positions, and if the trades turn sour, they can claim that it wasn’t them, they were compromised by the hack.”
Who’s Affected?
Good question! itself isn’t clear on the scope of the breach. The bad news is, if your was in ’s hot wallet, it now belongs to bad guys. The good news is that $40 million comprises only 2 percent of ’s overall holdings. The even better news is that the company will cover the losses out of its Secure Asset Fund for Users.
traders generally will also be affected, both because they won’t be able to deposit or withdraw their digital money and because, as Sirer notes, the uncertainty of who exactly is participating in those markets could lead to some mayhem. “Hackers may still control certain user accounts and may use those to influence prices in the meantime,” writes Zhao. “We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”
How Serious Is This?
On the face of it, maybe not so bad. Forty million is a plenty big number, but it’s only a small percentage of funds, and users will apparently get their money back.
But the fact that can afford to take a mulligan doesn’t excuse what appears to be a devastatingly thorough hack. And it’s unclear whether the compromise of two-factor codes and API keys will have broader implications. Most of all, it’s the latest reminder that, for all the promise of , it remains a Wild West for investors. If the price fluctuations don’t get you, a hacker, a fraud, is always just around the corner.
Published at Thu, 09 May 2019 03:59:50 +0000