
Binance, one of the world’s largest crypto exchanges, suffered a “large scale” data breach on May 7. The hackers reportedly stole around 7,000 bitcoin (BTC), worth more than $40 million as of press time.
As the platform explained, the fraudsters had managed to steal users’ application programming interface (API) keys, two-factor authentication (2FA) codes and other information, which supposedly helped them to orchestrate the attack.
Binance has announced that it will use its reserves “to cover this incident in full,” hence “no user funds will be affected.”
The attack: 7,074 BTC stolen, details are still sketchy
Initially, Changpeng Zhao, CEO of Binance, announced “some unscheduled server maintenance” on his platform via Twitter, warning that deposits and withdrawals might be blocked “for a couple hours.”
“No need to FUD,” he wrote, following with: “Funds are #safu.”
About four hours later, Binance followed up, revealing that a “large scale” security breach took place on May 7 at 17:15:24 UTC.
According to the exchange, the details of the attack are still sketchy:
“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.”
As a result, the fraudsters were able to withdraw 7,074 BTC. The transaction had 44 outputs, 21 of which were native Segregated Witness (SegWit) addresses, and those addresses received 99.97% of the funds.
Binance has declared that it was “the only affected transaction,” and that only the hot wallet (containing about 2% of Binance’s total holdings) was compromised. “All of our other wallets are secure and unharmed,” the exchange wrote.
“They [the hackers] used both internal and external methods to trap a lot of fish and get a lot of user accounts,” Zhao said during a Periscope stream, stressing that the attack was highly advanced. According to the CEO, the hackers waited until they had managed to capture a large number of accounts, including “very high net worth accounts,” before carrying out the assault.
“Our security measures were not able to stop that withdrawal, which costed us 7000 …”
Indeed, as implied by Redditor u/dekoze, the attackers could have used a number of hacked verified accounts to withdraw the funds. “They moved the stolen funds from various phished users by way out of range on illiquid pairs,” the user wrote. “Just look at LINK/PAX, 100k LINK was traded in a 1m candle and reached $9999 USD. That allows you to effectively move all the funds to a few accounts with withdrawal privileges of >100 BTC.”
Soon after the security breach was spotted, Binance suspended all withdrawals and deposits for “about one week” to conduct a thorough security check. “We believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets,” the exchange wrote, adding that all trading within the platform will remain enabled.
A number of crypto exchanges, including KuCoin and others, are collaborating with Binance to block deposits from the hacked addresses. The stolen funds have reportedly been moved since the hackers obtained them. First, Anti-Money Laundering and Counter-Terrorist Financing firm Coinfirm tweeted an analysis showing how 1,227 BTC were moved to two new addresses, one holding 707 coins and the other 520.
The hacker just moved the funds again!
Coinfirm analysis shows 1227 of the funds moved to 2 new addresses held by the hacker (red bubbles)
One holds 707 the other 520
Below is also a Coinfirm Risk Report of one
— Coinfirm (@Coinfirm_io)
Then, outlet The Block reported that the funds from the aforementioned 44 addresses have allegedly been moved to seven addresses, six of which hold 1,060.6 BTC, while one holds 707.1 BTC.
Funds are SAFU: Binance says it will completely cover the loss using its reserves
Binance has stated that all losses will be covered by its emergency insurance fund. Dubbed the “secure asset fund for users (SAFU),” it was launched last year as an initiative to “offer protection to users and their funds in extreme cases.” According to the exchange, 10% of all trading fees have been sent to a separate cold wallet since July 14, 2018. Zhao said during the Periscope stream:
“We’re completely okay on the funding side. It does hurt very much, but we’re able to cover that.”
Notably, Tron (TRX) founder and CEO Justin Sun offered to deposit 40 million tether (USDT) to Binance in exchange for Binance coin (BNB), TRX and BitTorrent coin (BTT).
The proposition has drawn criticism from some Twitter crypto community members, who argued that the TRX founder was essentially offering a marketing ploy by proposing to buy the coins “he already has a vested interest in.” Zhao declined Sun’s offer, explaining that Binance has enough funds to cover the loss.
According to reports from online transaction monitoring resource Whale Alert, 30,000,000 TRX (around $733,679) were transferred from an unknown wallet to Binance after the exchange had announced that all withdrawals and deposits were suspended.
When asked about this, a Binance spokesperson explained to Cointelegraph that “transactions to [Binance] wallets can still occur but won’t be reflected on [Binance] until our security review is complete.”
Binance has considered a “reorg,” but was advised against it
Binance has considered “reorging” (i.e., reorganizing) the bitcoin blockchain, which could potentially have allowed it to recover the stolen funds, but rejected the idea after consulting with various parties.
Ultimately, the move would aim to incentivize miners to form a consensus to wield 51% of the network’s hashing power and subsequently reorganize the blockchain’s transactions associated with the security breach.
Such an approach could have involved essentially conferring retroactive ownership of the hacked BTC to the network’s miners by revealing the exchange’s private keys for the affected coins, or even ostensibly ‘sign[ing] batches of txns with the old utxos paying miners with different locktimes to make it a permanent reward to unwind this hack.’
Later, Zhao explained that, after speaking to a number of crypto actors — including Rubin, among others — Binance decided against the plan.
As the exchange’s CEO explained, even though the move could allow Binance to take “revenge” on the hackers and move the stolen funds back, the network’s credibility could be damaged as a result. “We may cause a split in both the network and community,” Zhao wrote.
In the comment section, many crypto Twitter users criticized the plan, asking why Binance would consider centralizing the network in the first place. Crypto enthusiast and network engineer Melik Manukyan weighed in on the proposal to reorg, writing that Binance “didn’t decide not to” but realized it could not. “True that too, that’s what Jihan advised/educated me on too,” Zhao replied. “I trust his advice.”
Eventually, the pundits were joined by Galaxy Digital CEO Michael Novogratz, who also denounced the idea of reorging the network. “I am shocked that @cz_binance [Binance CEO Changpeng Zhao] even went there,” he wrote, arguing that the network is too mature at this point to be altered:
“Talk of forking or reorganizing the is close to heresy. When the community did it the project was like 5 months old. A baby. now has $100bn market cap and is a legitimate of wealth.”
In response, Zhao argued that the plan was to construct a transaction “that would keep all other tx [transactions], and just distribute the hacker coins to miners,” without affecting the network at large.
“It turns out the re-org discussion is hotter than the incident itself,” the CEO later wrote in a separate tweet. He also stressed that the idea was initiated by Rubin, not the exchange’s team.
Reorg is not an entirely new concept; back in 2016, when .
The hack marks the largest security breach of 2019 so far — even though Coinbene is reported to have lost $100 million.
Published at Fri, 10 May 2019 01:33:55 +0000