Bitcoin Forum

The recent hack of Binance has left many wondering about the security of exchanges. Anti-phishing working group Ciphertrace mentioned that the cause is likely a phishing attack is what triggered the hack. They also mention that 2FA is no longer strong enough and that we should consider 3FA for extra security.

3FA is explained a bit better in this article: https://bitcoinexchangeguide.com/could-the-implementation-of-3fa-reduce-hack-attacks-to-crypto-exchanges/

That's right the use of 3FA security check would really enhance the security systems of cryptocurrency exchanges so that they don't get hacked and the funds of users would always be safe.

No matter how many layers of security there is, people can in the end just withdraw it to the wrong address for example. It'd be more reasonable to teach people basic security instead, because at some point, these layers of security just become obscure.

after Binance was hacked.  I think Binance has used this security system.  each exchange must use this security system.  this will have a good influence on platform utilities.  but.  I will see a local exchange too.  I hope to use this system too.

I like the idea of 3FA. Wouldn't they need both the password on mobile and a certification from their laptop? Seems a lot more difficult to obtain both within a certain time period

I don't think introducing and using 3FA security will enhance the security nature of their platform. In as much that 3FA is an upgrade of the previous 2FA, hackers will not give up the attempt to penetrate this security check.

As a general rule, the more layers of security you have the better. I suggest taking money out of exchanges as soon as possible, unless you're a trader, and putting your funds in a hardware wallet. Hardware wallets are largely immune to phishing attacks and trojans.

Not really. A form of "3fa" was already in use, which is the authentication code sent by email/sms, in addition to the 2fa code and the password at login. Sure you could add some gadgets to the mix, but you are only going to make life miserable to your users while not necessarily stop the thieves, which are more focused in social engineering and exploiting bad user habits and their poor choice of software.

2fa was never "strong enough", people who though so were deluding themselves. They are only tools that attempt to slow down the thieves. You are not suddenly "safe" by using 2fa, or necessarily unsafe by not using it. If your password is strong and your software and habits are good, a good password will probably suffice.

You cannot, for example use a weak password with the excuse that 2fa is going to save you from using a strong (difficult) one. And now some people looking at the 3fa gadgets are probably thinking the same, well, no.

I think exchanges should use more their imagination. Perhaps look into muiti-sign addresses, for above certain amounts, so that even if the user "withdraws" the exchange will hold it until they can actually get in contact with the user to confirm that was his/her actual intention or not. Kinda like banks do.

Binance have to increase their security now and of course all the exchanges must do that. The increase on 2FA security to 3FA security is a great move though I think the security is still not guaranteed so its better for every user to have their own security code, and stop putting big money on the exchanges. I believe hackers will have their new strategy, we have to keep safe always but I'm confident that good exchanges will have a good support on this security.

Agreed 2fa is no longer secured enough in preventing hackers gaining access to wallets however introducing 3fa would make accessing wallet  more complicated and complex we have to consider many entrants or newbies into cryptos who might be discouraged because of the difficulties in securing the wallets who have an easier option of saving fiat in the bank without any hassle this are issues that needs to be addressed once.

Introducing 3FA (which some exchanges already use now) or 10FA won't really solve anything if the user is careless. I agree with what has been said, education and awareness for your own security are more important than this. Not to mention that adding more security layer would be complex and make it harder for users if they forget or lose their key.

2FA is enough imo. You don't need complex layers if you only use the exchange to trade and withdraw as soon as you've finished your business there. It's more urgent to educate people that they should use an exchange as an exchange, and not a wallet. They should only store the money that you can lose there, not all of your crypto.

I think after the Binance hacking incident, wallets should focus on adding security level because 2FA isn't working anymore.
What we need is ultimate security where we could only access our own wallets. It could keep away hackers since they would get trapped in multiple codes.

Even 10FA or 20FA if users aren't careful with their wallets and private keys. This security improvement would be a big help for both users and exchanges. However, hackers are smarter nowadays so I guess as the security measures improve they would also do something to dig deeper to access and steal our earnings so it still depends on how we handle our wallets.

The fight is on as to who can give the next supposedly hack-free security system that exchanges like Binance and others can use. Actually, they should have been hiring hackers from North Korea as these people are genius in cracking the codes and stealing coins/tokens from many exchanges. The reality is that hackers are always ahead of the game and no matter how hack-proof the security protocol is they can find the way to breach it. Hacking is a big business with millions at stake. I am then thinking: Can we not integrate Artificial Intelligence into the mix and make it like a guard at the portal?

3FA? I've never tried it before, and I thought that 2FA is strong enough to protect accounts, I should consider enabling 3FA then dude

As far as I've seen in your article, you've always given the example of Binance's hacking! But I think it is because of the 2FA of the users that need to be examined firstly, is this problem related to Binance's system? I think the real issue was a security problem from Binance's system. I mean, it wasn't about what users were using. That's the result. If there is an opening in Binance's system 2FA or 3FA does not matter. The user cannot protect it. It's Binance's responsibility to protect it! As a result, they reported that BTCs were stolen from their cold wallets, not individual.

Sound is somehow potential. Its bit clear that 3FA means three step security check. Yes, 3FA would reduce ratio of hacking crypto currency although can't prevent 100%. Extend extra security means there is one more wall for hacker and they have to break it if they like to hack. But don't forget, hackers are very smart from us really.

It would be great if the security of the exchanges would increase in such a way that it would be almost impossible to crack it. Unfortunately, the reality is that every system has vulnerabilities. There is no perfect system. And hackers do what they are looking for vulnerabilities. But exchanges need to spend more money on their security and hire qualified personnel in order to constantly improve protection and it was not profitable for hackers to spend so much time on hacking.

3FA security can help in the current insecurity situations in the entire cryptocurrency community since it's the latest of the security level the 2FA in no longer strong enough to withstand hackers pishing activities. The recent hack of binance have left many wondering looking for safe security measures cause hackers are trying out every possible measures.

2FA was created to be secure, and in fact it is, but obviously there are some limits to it and the hackers are getting smarter every day. 3FA seems a lot more secure than 2FA but, again, we can't forget that hackers are getting smarter.
If you want to keep your cryptos really secure then a cold wallet would be a good start otherwise you will never be 100% secure at all doesn't matter how many layers of security you may use

None could've tried this earlier, till date 2FA was much secure and with the hack of Binance everything made a big change in every users mind about security. Soon we can expect majority of the service renders establish with 3FA for to keep the system more secure.

This is a nice move to enhance security in the cryptosystem but the truth is that the more technologies advance the more hackers also learn how to break into the advance securities. To be on a safer side saving your digital currencies in any exchange should be avoided. Save your coins in a ledger 📒 to ensure full security or of you can't afford that make use of wallet you own the private keys only and keep in a safe place where it can't been stolen.

Even on this bitcointalk my account was bridge, which definitely got me a red trust, in this Crypto atmosphere we just need a higher means of security that won't have a loop hole for hackers to get in.

I personally welcome this opportunity, I can't risk my assets to thieves who weren't there when I got them. It will be very painful. I can't wait to be part of this development soon security is just the number thing we should talk about

Good article that I read today that enforces the importance of security required for protecting online identity and accounts:
https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

That’s a good one coming from a victim of a hackers, and we really have to increase the security. We need to do everything and try new development, we can’t be sure that 3FA can bring good security but we have to adopt it in order for us to have peace of mind with regards to protecting our money, i would rather try it than to cry later.

The issue isn't about 2FA or 3FA or even 5FA.
These systems are used by human beings, who are susceptible to mistakes and of course these mistakes can always lead to such hack.
Education and Awareness are the key.

Definitely, 3FA will better provide security than 2FA and it wouldn't be a bad idea for exchanges to begin using it. It wouldn't be much comfortable on the part of the users though especially if you travel a lot.

Having additional security is good to avoid hackers and for extra security of everyone wallet and funds. 2fa is already safe and if there is 3fa will be much better and safer from hacker and losing our crypto assets.

If Binance and other sites plans to have 3FA in the future it'll increase the security of their users but it won't stop the hackers from making better hack attempts.


It is enough, that's why most website don't have 3FA.

This isn't the first time hackers succeed in hacking 2fa accounts. Before this hacking news with Binance happened it's already possible.

2Fa breach has happened already, but this is entirely new to the cryptocurrency network, such hacks have taken place in other industries, particularly this takes place in the data sharing and on privacy breach stealing personal contents. Now only we've encountered with exchanges, whenever some issue is faced, we learn and start to overcome with advancement and as a we've now got 3FA.

Surely will help enchanging crypto security sectors. If it improves security stronger then 2FA then why not?
As long security keeps improving and evolving we will be safer from Cryptocurrency hackers.
Such examples happen with our daily lives Antivirus softwares. As long it gets updated to new hack capabilities (viruses, keylogers and such) you will feel safer.

This is the first time I heard of the 3FA authentication, well it's just an additional step towards authenticating who you are. I think there's no problem with having 2FA or 3FA, and it's going to be extra work for the hackers that they can bypass again. We all know that 2FA has incredibly increased the protection of accounts, but in general, as long as something is working, someone is working on getting through it.

It would just take more work for the hackers if 3FA is activated, but for us people, security is a good thing to be on our mind.

I only heard it after the Binance hack, and others have been speculating as to what 3FA is all about, there have been reports that DNA profile is a good step, but I'm not agreeing with that.

---

I wonder though this comment on the article:


I don't understand why it is referred to as exchange employees/exchange worker, does it mean that that hackers was able to access Binance employer's account, that why initially it was reported as an inside job?