Bitcoin Forum

Economy => Exchanges => Topic started by: jdarren on May 08, 2019, 10:45:40 PM



Title: Binance BTC Hack is due to 2FA
Post by: jdarren on May 08, 2019, 10:45:40 PM
With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/


Title: Re: Binance BTC Hack is due to 2FA
Post by: rdbase on May 09, 2019, 12:35:16 AM
Haven't heard of 3fa authentication before but I guess it was coming if 2fa can be hacked into as your article suggested what happened to Binance losing their funds.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 12:42:24 AM
With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/

Here are a few things they can do: POP (proof of person) https://www.youtube.com/watch?v=l4x0vOAu0lQ
They could also, when they see a bunch of accounts withdrawing or trading alts into bitcoin at the same time, freeze those accounts. Set up a "line up" where they can only service one person at a time. Every time these big exchanges get hacked there are so many accounts doing something at the same time. Why not have a queue?

Imagine being in a McDonald's and everyone walks up and orders something from the cashier at the same time; that is what is going on here.
Why not make them form a line and take each customer one at a time? Or 3-4...

Kind of like a data throttle or engine throttle.

Granted this will only stop massive attacks and slow them down, but small scale attacks will be done if they don't use 3FA.
850,000 coins went missing, more than Satoshi owns, because of not having a line at Mt. Gox.

It is pretty simple: you set up a system where "if a certain amount of users withdraw, or alts are being traded and exchanged for BTC, which exceeds the normal rate of traffic by 1.5x or 2x transactions" exec queue timer.

I don't know, I am no expert at coding, but I am sure it would not take much to do the latter suggestion.
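The withdrawal queue proposed in the post above, as an added example that is not part of the original thread: a sliding-window counter switches an exchange into queue mode once withdrawal requests exceed 1.5x the normal rate, then releases queued requests a few at a time. The class name, the baseline of 6 requests per minute, the release rate of 3 per minute and the simulated traffic are all assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class WithdrawalThrottle:
    """Queue withdrawals when the request rate exceeds trigger_ratio x baseline."""
    baseline_per_window: float        # normal requests per window (assumed known from history)
    window_seconds: int = 60
    trigger_ratio: float = 1.5        # the "1.5x or 2x" threshold from the post
    release_per_window: int = 3       # "one at a time? Or 3-4..."
    throttled: bool = False
    _recent: deque = field(default_factory=deque)    # timestamps of recent requests
    _released: deque = field(default_factory=deque)  # timestamps of recent queue releases
    _queue: deque = field(default_factory=deque)     # pending request ids, FIFO

    def _expire(self, stamps, now):
        # Drop timestamps that have fallen out of the sliding window.
        while stamps and stamps[0] <= now - self.window_seconds:
            stamps.popleft()

    def submit(self, request_id, now):
        """Record a withdrawal request; return 'processed' or 'queued'."""
        self._expire(self._recent, now)
        self._recent.append(now)
        if len(self._recent) > self.trigger_ratio * self.baseline_per_window:
            self.throttled = True     # stays set until drain() sees traffic recover
        if self.throttled:
            self._queue.append(request_id)
            return "queued"
        return "processed"

    def drain(self, now):
        """Release at most release_per_window queued requests per window."""
        self._expire(self._recent, now)
        self._expire(self._released, now)
        out = []
        while self._queue and len(self._released) < self.release_per_window:
            out.append(self._queue.popleft())
            self._released.append(now)
        # Leave queue mode only when the backlog is gone and traffic is back to normal.
        if not self._queue and len(self._recent) <= self.baseline_per_window:
            self.throttled = False
        return out


def simulate():
    """Constructed traffic: 2 minutes of normal load, then 20 requests in 20 seconds."""
    throttle = WithdrawalThrottle(baseline_per_window=6)
    immediate = queued = 0
    for i in range(12):                       # one request every 10 s
        if throttle.submit(f"normal-{i}", now=i * 10) == "processed":
            immediate += 1
    for i in range(20):                       # burst: one request per second
        if throttle.submit(f"burst-{i}", now=120 + i) == "processed":
            immediate += 1
        else:
            queued += 1
    batches = []
    now = 140
    while throttle.throttled:                 # operator drains once per minute
        batches.append(throttle.drain(now))
        now += 60
    return {
        "immediate": immediate,
        "queued": queued,
        "release_batches": [len(b) for b in batches],
        "first_released": batches[0][0],
        "after_recovery": throttle.submit("later-0", now=now),
    }


if __name__ == "__main__":
    print(simulate())
```

The throttle only delays withdrawals; it does not decide which queued requests are legitimate, so the time it buys is only useful if someone reviews the queue before it drains.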


Title: Re: Binance BTC Hack is due to 2FA
Post by: jakelyson on May 09, 2019, 12:54:45 AM
3FA could work for a while and I am sure hackers will find a way to obtain your fingerprint or retinal scans and use a digital copy of it to bypass security. Any security employed always has the weakest link, the user or human nature that can be exploited.


Title: Re: Binance BTC Hack is due to 2FA
Post by: rdbase on May 09, 2019, 12:57:35 AM
3FA could work for a while and I am sure hackers will find a way to obtain your fingerprint or retinal scans and use a digital copy of it to bypass security. Any security employed always have the weakest link, the user or human nature that can be exploited.
Yes this is what I was thinking too. Anything dealing with security will eventually get hacked because they are not updated often enough giving time to those who are doing the hacking chances to try and crack any sort of defense they would put in place.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 12:59:56 AM
3FA could work for a while and I am sure hackers will find a way to obtain your fingerprint or retinal scans and use a digital copy of it to bypass security. Any security employed always have the weakest link, the user or human nature that can be exploited.

True, DNA(spit,blood,sweat,piss,shit) is the ultimate solution, if it was tied into the hospital records we would even be able to tell if the DNA used by that person on the chain is dead. It would be pretty easy to catch people in a p2p network sending one users funds they stolen to another to link it to them, if you don`t get killed and get robbed you just say hey police robo cop network, my funds were stolen, freeze them. If you make people renew it once a year, we can make sure no dead people are voting or collecting UBI. People will stop stealing from eachother, and they will be 100% sure to get caught when they do.

But 2FA < 3FA < 4FA < 5FA < ∞

Is better than 1 or 2 FA

fingerprints is the easiest way to go (some people don`t have fingers)
eyes is another easy way to go (some people don`t have eyes)
DNA is universal.

They don`t have to be pictures, they can be videos, making the person in the video do certain things or random things to verify more proof of person.

We really need to be careful here, not all earthlings are on the same page, if this tech is used in the wrong hands, it could wipe out a entire gene pool, drones could scan your face from the sky and 1 tap you.
We need to keep it away from religious radicals and terrorist.

Imagine I had a blockchain of everyone and their face in my country, we could set up drone helicopter or plane to scan your face and if it does not match our data base, it kills you.

Granted here in Canada, China and US, they already have street cams that are linking you to your facebook and email. So Yah...  I don`t know what to do  :-\

This is public tech, https://www.youtube.com/watch?v=aE1kA0Jy0Xg Imagine what they got.
some more stuff https://www.youtube.com/watch?v=Cgxsv1riJhI
https://www.youtube.com/watch?v=4BdyGFfaRlk


Title: Re: Binance BTC Hack is due to 2FA
Post by: Crypto Girl on May 09, 2019, 01:04:53 AM
Havent heard of 3fa authentication before but I guess it was coming if 2fa can be hacked into as your article suggested what happened to binance losing their funds.
We already have it, if you're not aware, and it seems good if they push it through as an additional authenticator, as it will restrict the access on our accounts.

We have three factors in using authentication
[1] something you know ( e.g. password )
[2] something you have (e.g. smart card )
[3] something you are ( e.g. biometric or fingerprint )

We all see in some sci-fi movies that scanning a retina to be able to enter a restricted area is cool stuff. So I guess that will really enhance the security, unless someone kills us and gets our eyeball. lol!


Title: Re: Binance BTC Hack is due to 2FA
Post by: beatzcoin123 on May 09, 2019, 01:20:17 AM
I am just hearing of a 3FA security system for the first time, but it is a welcome development if a 2FA system has failed. It's a very serious threat to the cryptocurrency space if a renowned cryptocurrency exchange like Binance can be hacked.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 01:20:50 AM
3FA could work for a while and I am sure hackers will find a way to obtain your fingerprint or retinal scans and use a digital copy of it to bypass security. Any security employed always have the weakest link, the user or human nature that can be exploited.

True, DNA(spit,blood,sweat,piss,shit) is the ultimate solution, if it was tied into the hospital records we would even be able to tell if the DNA used by that person on the chain is dead. It would be pretty easy to catch people in a p2p network sending one users funds they stolen to another to link it to them, if you don`t get killed and get robbed you just say hey police robo cop network, my funds were stolen, freeze them. If you make people renew it once a year, we can make sure no dead people are voting or collecting UBI. People will stop stealing from eachother, and they will be 100% sure to get caught when they do.

But 2FA < 3FA < 4FA < 5FA < ∞

Is better than 1 or 2 FA

fingerprints is the easiest way to go (some people don`t have fingers)
eyes is another easy way to go (some people don`t have eyes)
DNA is universal.

They don`t have to be pictures, they can be videos, making the person in the video do certain things or random things to verify more proof of person.

We really need to be careful here, not all earthlings are on the same page, if this tech is used in the wrong hands, it could wipe out a entire gene pool, drones could scan your face from the sky and 1 tap you.
We need to keep it away from religious radicals and terrorist.

Imagine I had a blockchain of everyone and their face in my country, we could set up drone helicopter or plane to scan your face and if it does not match our data base, it kills you.

Granted here in Canada, China and US, they already have street cams that are linking you to your facebook and email. So Yah...  I don`t know what to do  :-\

This is public tech, https://www.youtube.com/watch?v=aE1kA0Jy0Xg Imagine what they got.

We really need to make a Super Colony to prevent this from happening, The tech is in the wrong hands, So is the money supply, It needs to be in all of our hands, so all of humanity's interest are invested in. It was reverse psychology on all of these One World Order things (conspiracy things on youtube) Government speeches. We want a one world order, but we want one that does not force us to be a part of it, we are willing. The One World Order to be run by all of us. Divide and Conquer is how they win. Unite and Conquer is how we all win.

https://www.youtube.com/watch?v=wMKpYxhI2KI
10,000 thumbs up 99%, 90 thumbs down 1%
(well close enough)

90 out of 10,000 people are greedy.

THAT ORDER NEEDS TO BE OUR ORDER.


"And so long as men die, liberty will never perish." COME AT ME BANKERS, COME AT ME POLITICIANS, COME AT ME YOU MACHINE MEN.

 I am the Matter that cannot be crushed anymore, every time you kill me I come back, brighter than ever, go ahead try and put out my flame, I dare you.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 01:49:45 AM
We should all be cops, bankers, military, judges, fire force, government.  (IF WE WANT TO BE WILLINGLY)

We should all be voting on issues
We should all be able to make issues to vote on
We should all have at least 1 back up house, with self sustaining food, water and green energy. If not why not 2 or 3.
We should be on mars by now
We should be on the moon by now
We could have been in another galaxy by now!

Patents hold us back, same with copyright. WHY? LIKE WTF? ARE YOU DOING? GREED BLINDS YOU.
open source that shit

If every greedy person stopped being greedy, there would be more for everyone not just everyone, but them included.

Who wants a free moment of my time? Go ahead ask me anything? We don`t live in fear, they do. They are the ones with the bunker backups for them, not US!
https://www.youtube.com/watch?v=WQtRDr0qHvY
THAT OUR LIMITED WORK AND TIME PAID FOR! IT ALSO PAID FOR THEIR JOB TO PROTECT THEM, NOT US!


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 02:43:14 AM
3FA could work for a while and I am sure hackers will find a way to obtain your fingerprint or retinal scans and use a digital copy of it to bypass security. Any security employed always have the weakest link, the user or human nature that can be exploited.

If 3fa is as I suggested

How will they not get caught? I mean, let's say worst case scenario, let's say they physically kill you or kidnap you: the funds move on your account, it is reported to the blockchain and it sorts it out to the robo network that tells the people. The people are the police; when buddy tries to use the funds at any store, the merchant, who is a police officer as well, will arrest him. The cameras will catch him long before he has anything to buy anyway, I am sure of it. So even in the worst case scenario, if they kill you, we will all know because your DNA has gone stale, or you have not re-uploaded your own video to the network in a few weeks to reverify. We will be able to see that you have not bought food in 2 weeks and your family has probably already reported you missing. I mean, we can see on video if it is you or not when you are 3FA'ing. Here is the global sound you make while they force your face to the camera with a gun being pointed at you: "help they are robbing me lol" "CAW CAW" "CAW CAW". Heck, just tilt the camera a little towards them and we will see, or just give them the funds and afterwards tell the network lol.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 02:51:31 AM
should we all go out in these from now on with super thick glasses and wear gloves at all times? make sure to hold our breath the entire time and our piss and shit, they could see where you are when you piss, they own the sewer systems. Don`t you even think of shedding 1 single hair or skin flake.

https://i.imgur.com/qfkRaE1.jpg


Title: Re: Binance BTC Hack is due to 2FA
Post by: tyz on May 09, 2019, 03:24:32 AM
What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

You can install as many security mechanisms as possible if the users act carelessly in the end. Social engineering is a broad field, so you can't say exactly how the hackers got to the data, but it often happens via a personal mail asking to change the password and then redirected to a fake site. It is difficult to prevent such mistakes from individual users.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 03:50:01 AM
What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

You can install as many security mechanisms as possible if the users act carelessly in the end. Social engineering is a broad field, so you can't say exactly how the hackers got to the data, but it often happens via a personal mail asking to change the password and then redirected to a fake site. It is difficult to prevent such mistakes from individual users.

Worst case possibilities: they kill you? Or they kidnap you? Right? The "hackers, or hijackers, or murderers, or thieves", whatever you want to call them.


Title: Re: Binance BTC Hack is due to 2FA
Post by: Duzter on May 09, 2019, 03:58:49 AM
No one is sure what the truth behind the hack is. In each and everything now we've got 2FA security, and this is termed to be the best in comparison to all other security features. That this too has now got hacked is simply unbelievable. Another issue going on is that Binance could have revealed it as a way to transfer the funds to its DEX, which is under development, and this might be to bypass US regulations.


Title: Re: Binance BTC Hack is due to 2FA
Post by: tyz on May 09, 2019, 04:01:38 AM
What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

You can install as many security mechanisms as possible if the users act carelessly in the end. Social engineering is a broad field, so you can't say exactly how the hackers got to the data, but it often happens via a personal mail asking to change the password and then redirected to a fake site. It is difficult to prevent such mistakes from individual users.

worst case possibility`s they kill you? or they kid nap you? right? the "hackers, or hijackers, or murders, or thieves" whatever you want to call them.

As I wrote, social engineering is a broad field with many varieties. And all your listed kinds more or less belong to it  ;)


Title: Re: Binance BTC Hack is due to 2FA
Post by: hatshepsut93 on May 09, 2019, 04:30:49 AM
fingerprints is the easiest way to go (some people don`t have fingers)
eyes is another easy way to go (some people don`t have eyes)
DNA is universal.

That's a horrible idea, because that information is sorta public - someone can obtain your fingerprints from items that you have touched, and it takes just one breach to render this method broken for the rest of your life, because you can't change your fingerprints. So, if some crappy service gets hacked and biometric information gets stolen, or if someone deliberately sets up a malicious service under the guise of a legit one, all in order to harvest biometrics, this method of security will get completely broken. It only works when you submit your fingerprints in real life instead of sending them over the Internet, and even then I'm sure hackers will be able to tamper with it at some point.


Title: Re: Binance BTC Hack is due to 2FA
Post by: darklus123 on May 09, 2019, 04:44:27 AM
Eventually sooner or later hackers will be able to obtain new tactics or find out any loopholes of the said 3FA. Therefore the best thing to do is to always move your funds in and out from any trading platforms.

I know this is kind of a toxic idea, but I think that is one of the best things we can do for now.


Title: Re: Binance BTC Hack is due to 2FA
Post by: peter0425 on May 09, 2019, 05:12:44 AM
Eventually sooner or later hackers will be able to obtain new tactics or find out any loopholes of the said 3FA. Therefore the best thing to do is to always move your funds in and out from any trading platforms.

I know this is kinda toxic idea but I think that is one of the best thing we can do for now.
Hackers will obtain new ways to really hack our accounts here in crypto. That's why the first thing we really do is not to leave huge money in our trading account. 2FA was touted to be the best solution when it was released years ago, but look at where we are today. Those hackers are really that smart and will always find any loopholes in the system even if we have this 3FA.


Title: Re: Binance BTC Hack is due to 2FA
Post by: vennali on May 09, 2019, 05:31:34 AM
Is 2FA really that weak for authentication? Other than social engineering, I don't see how accounts can get hacked, unless they have the passwords and codes on their phones which get hacked. It's more of a result of poor security management.

3Fa would certainly change things.


Title: Re: Binance BTC Hack is due to 2FA
Post by: darklus123 on May 09, 2019, 05:58:46 AM
Hackers will will obtain new ways to really hack our accounts here in crypto. That's why first thing we really do is not to leave huge money in our trading account. 2FA was touted to be the best solutions when is was released years ago, but look at where we are today. Those hackers are really that smart and will always find ways any loopholes in the system even if we have this 3FA.

It is because there is no system called a perfect one. Sadly, if you are a huge trader you really need to put large amounts on a certain exchanger and you can't do anything about it.

The question here is whether it really happened or this was just propaganda for them to take advantage.


Title: Re: Binance BTC Hack is due to 2FA
Post by: GetAurox on May 09, 2019, 06:07:49 AM
Seems like another SIM swapping incident.


Title: Re: Binance BTC Hack is due to 2FA
Post by: cipherhut on May 09, 2019, 06:08:43 AM
2FA then 3FA then what? Hackers will definitely find loopholes to break the security walls. To restrict such incidents we need to explore the biometric section, where we can trace the unique identity, and it will at least minimize the intensity of getting hacked.



Title: Re: Binance BTC Hack is due to 2FA
Post by: squatter on May 09, 2019, 06:19:52 AM
Imagine being in a mcdonalds and everyone walks up and orders something from the cashier at the same time, that is what is going on here.
Why not make them form a line and take each customer one at a time? or 3-4...

Because that would be incredibly slow and customers would complain about withdrawal delays. It would also be costly (transaction fee wise) and bad for the Bitcoin network because they couldn't batch transactions.

It is pretty simple you set up a system where "if certain amount of users withdraw or alts are being traded and exchanged for btc which exceeds above normal a rate of traffic by 1.5x or 2x transactions" exec queue timer.

They are trying to support large scale API trading... bots, algorithms. Is that a realistic approach?

With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

If SIM card porting was required, then 2FA (with OTP authentication like Google Authenticator) is still fine going forward.


Title: Re: Binance BTC Hack is due to 2FA
Post by: Nadziratel on May 09, 2019, 06:27:18 AM
No matter how hard we try. One day they will find a way again. This is the life story of mankind. First, the disease occurs, then the humanity to deal with. Sometimes the solution comes in days. Sometimes it takes years. There's not a lot we can't come up with. I'm sure there will be an extra security measure now and this will be enough for a while. Then we will experience the same things ... The nature of mankind ...


Title: Re: Binance BTC Hack is due to 2FA
Post by: Kakmakr on May 09, 2019, 06:44:51 AM
In the end, most security measures can be circumvented if people are working from the inside to enable these hacks to take place or through negligence.  ::)  We had an incident with our home security where someone was working for the security company and he was retrenched when the company struggled.

So being homeless and angry, he sold the database of the sensitive passwords that you give to the security company when the alarm goes off and these people broke into several houses without any security staff responding to the alarm. <All of the victims had landlines, so they just answered the landline when the security company phoned and gave them the password.>  >:(

Social engineered "hacks" are very difficult to stop, because you're dealing with people.  ::)


Title: Re: Binance BTC Hack is due to 2FA
Post by: omone1 on May 09, 2019, 07:05:13 AM
Never heard of 3FA before. Just as someone has pointed out, if we adopt 3FA, it's a matter of time; it will still be hacked and we may have to migrate to 4FA, and when this is breached, we will have to move on to a higher version, and this will go on and on while losses continue to be suffered. I really hope for a technology that can't be compromised, but this is almost impossible. Maybe iPhone engineers and other cyber engineers should step in. I wonder how John McAfee can help in this case; he should drop finding Satoshi for now and see to a solution to this.


Title: Re: Binance BTC Hack is due to 2FA
Post by: FreeEarnsActivist on May 09, 2019, 07:09:17 AM
If someone is interested in an analysis of the transaction, where the btc go, take a look at the Coinfirm analysis: https://twitter.com/Coinfirm_io/status/1126082101080743938


Title: Re: Binance BTC Hack is due to 2FA
Post by: Herbert2020 on May 09, 2019, 07:14:04 AM
stop trying to come up with new methods of increasing security. there are already excellent methods available that millions of people are using correctly and have never had any problems. just because someone used some methods in the wrong way which led to a catastrophe of this size it doesn't mean you should reinvent the wheel.


Title: Re: Binance BTC Hack is due to 2FA
Post by: Crypto Girl on May 09, 2019, 07:16:24 AM
Hackers will will obtain new ways to really hack our accounts here in crypto. That's why first thing we really do is not to leave huge money in our trading account. 2FA was touted to be the best solutions when is was released years ago, but look at where we are today. Those hackers are really that smart and will always find ways any loopholes in the system even if we have this 3FA.

It is because there is no such system called perfect one. Sadly if you are a huge trader you really need to put a lot of amounts to certain exchanger and you can't do something about it.

The question here if it really happened or this was just a propaganda for them to take advantage.
That was what the rumors were about, that it's just a show up and poor traders that's been under had nothing to do but to pray for their money. Though, it's under SAFU but still it just proves how vulnerable the system is.

Anyway, they should push through the 3fa to bring back the trust and confidence in the platform, after all it's their liabilities.


Title: Re: Binance BTC Hack is due to 2FA
Post by: hahahafr on May 09, 2019, 07:41:54 AM
It's so sad that these hackers always get to have their way with the funds of users as and when they please. I believe it is time we really give the development of Decentralized Exchanges some level of attention because no matter how these centralized exchanges claim they are they still get hacked.


Title: Re: Binance BTC Hack is due to 2FA
Post by: hungsanh2512 on May 09, 2019, 07:53:44 AM
I think the current situation of binance. 3FA is also gradually used. At least it will make people feel more confident and confident. Any form will have its advantages and disadvantages. People are still the key to all security.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TheKeyLongThumbI on May 09, 2019, 08:20:52 AM
With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/


What? All this time I thought that activating 2FA on all my accounts made me feel that my funds are very secured, but now it is vulnerable? Then that 3FA approach is useless then. I think we need more software to successfully track these hackers instead of buffing up the security measures each time it gets breached, because these hackers will just study it until they crack the code again and again.


Title: Re: Binance BTC Hack is due to 2FA
Post by: bob123 on May 09, 2019, 08:35:10 AM
3Fa would certainly change things.

I don't think so.

Most people are lazy as f**k. They would probably use 1 device (e.g. their mobile) for the 2nd and 3rd factor, therefore basically creating a 2FA again.

If done properly, it definitely increases the security. But i doubt the majority will be able to handle this correctly.



What? All this time I thought that activating 2fa on all my accounts made me feel that my funds are very secured but now it is vulnerable?

It is not vulnerable.
But if you don't know how to protect your sensitive information... it is only your fault.

It's like saying "I thought passwords are secure, now my account is at risk if I tell everyone my password?".

If you keep your 2FA codes secure, so that no one except for you can access them, it is safe.
If you share your 2FA codes (or they can be accessed by others in any other way), it is not.


Title: Re: Binance BTC Hack is due to 2FA
Post by: CryptoBry on May 09, 2019, 08:56:45 AM
Quote
What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

This 3FA can be coming soon triggered by what just happened in Binance which resulted into the loss of around $40 Million dollars putting the security measures of Binance into question. Now, this can be a little bit funny, because when hackers can find out the best to go around with 3FA we can expect to get 4FA. I am then suggesting that to pole-vault the technology on this side, why not go directly to 6FA so that hackers can have a hell of time destroying its protection? Okay, am just kidding but then why not, right?


Title: Re: Binance BTC Hack is due to 2FA
Post by: LuckyBtc on May 09, 2019, 09:11:34 AM
With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/


What? All this time I thought that activating 2fa on all my accounts made me feel that my funds are very secured but now it is vulnerable? Then that 3FA approach is useless then. I think we need more softwares to successfully track this hackers instead of buffing up the security measures each time it gets breached because these hackers will just study it until they crack the code again and again.
One solution is just to use DEX, We need people to start using DEX and protect themselves from hackers, We should be responsible for our own protection. Hardware wallet + dedicated OS for crypto transactions should be used I think.


Title: Re: Binance BTC Hack is due to 2FA
Post by: pokermaniacxxx on May 09, 2019, 09:39:02 AM
This is really bad news... Binance should have invested more in security


Title: Re: Binance BTC Hack is due to 2FA
Post by: joshy23 on May 09, 2019, 10:36:58 AM
It's so sad that these hackers always get to have their way with the funds of users as and when they please. I believe it is time we really give the development of Decentralized Exchanges some level of attention because no matter how these centralized exchanges claim they are they still get hacked.
Whatever they claimed about being safe, the hackers' job is to keep trying to penetrate the security of the exchange, so for sure they will find ways to do that. They will keep doing it until they finally get a victim and enjoy the sucked profits from someone's wallet. You really need to be extra careful whenever you have a good amount of money inside the exchange.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TheHas on May 09, 2019, 11:08:36 AM
I doubt 3FA will make much difference in the long term, just like 2FA didn't make a difference.

My fiat bank doesn't require 3fa, so why is that the answer for a crypto exchange?

To use an analogy, instead of investing in 3 padlocks, it would be more secure to invest in a Safe. I feel like 3fa is just adding an extra layer of the same depth of security.

When Binance finishes their investigation, I doubt 3fa will be their recommended action for this hack.


Title: Re: Binance BTC Hack is due to 2FA
Post by: bob123 on May 09, 2019, 11:17:17 AM
One solution is just to use DEX, We need people to start using DEX and protect themselves from hackers, We should be responsible for our own protection.

People weren't able to protect their API keys and 2FA codes, which led to the loss of funds.
So how are they going to be capable of protecting their private keys..



This is really bad news... Binance should have invested more in security

Binance's security is fine. Based on all information, it is each user's fault for not protecting his 2FA codes / API keys.
It hasn't been mentioned anywhere that there was some security breach.



Whatever they claimed that they are safe, hackers job is to keep trying to penetrate the security of the exchange so for sure they will find ways
to do that

That's true, but in this case it is the fault of each affected user individually.



To use an analogy, instead of investing in 3 padlocks, it would be more secure to invest in a Safe.

It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 01:18:35 PM
I mean do the two options I presented

add a throttle on withdraws (I could cook up this code and have no education in coding)

and 3fa/4fa/5fa (WARNING THIS MAY LEAD TO A WEAPON OF MASS DESTRUCTION or a WEAPON OF MASS SAFETY)
https://www.cnbc.com/2019/05/08/facebook-rolls-back-ban-on-cryptocurrency-ads.html


Title: Re: Binance BTC Hack is due to 2FA
Post by: examplens on May 09, 2019, 01:24:10 PM
Eventually sooner or later hackers will be able to obtain new tactics or find out any loopholes of the said 3FA. Therefore the best thing to do is to always move your funds in and out from any trading platforms.

I know this is kinda toxic idea but I think that is one of the best things we can do for now.

You have people who earn from trading. So, they need to have funds on the platform because then they can trade with them. Just think how complicated it would be after every trade to withdraw funds and deposit them again for a new trade.


Imagine I had a blockchain of everyone and their face in my country, we could set up drone helicopter or plane to scan your face and if it does not match our database, it kills you.


Interesting idea for new KYC method.  ;D


Title: Re: Binance BTC Hack is due to 2FA
Post by: TimeBits on May 09, 2019, 04:26:58 PM
Eventually sooner or later hackers will be able to obtain new tactics or find out any loopholes of the said 3FA. Therefore the best thing to do is to always move your funds in and out from any trading platforms.

I know this is kinda toxic idea but I think that is one of the best things we can do for now.

You have people who earn from trading. So, they need to have funds on the platform because then they can trade with them. Just think how complicated it would be after every trade to withdraw funds and deposit them again for a new trade.


Imagine I had a blockchain of everyone and their face in my country, we could set up drone helicopter or plane to scan your face and if it does not match our database, it kills you.


Interesting idea for new KYC method.  ;D

inb4 facebook is using it

https://www.youtube.com/watch?v=l4x0vOAu0lQ

inb4 we are all dead


Title: Re: Binance BTC Hack is due to 2FA
Post by: figmentofmyass on May 09, 2019, 06:42:18 PM
One solution is just to use DEX. We need people to start using DEX and protect themselves from hackers. We should be responsible for our own protection.

People weren't able to protect their API keys and 2FA codes, which led to the loss of funds.
So how are they going to be capable of protecting their private keys?

Binance's security is fine. Based on all information, it is each user's fault for not protecting his 2FA codes / API keys.
It hasn't been mentioned anywhere that there was some security breach.

that's my belief based on the statements binance made, but AFAIK no details about how 2FA and API keys were compromised have been released. have they? they have urged all users to change passwords, 2FA, and most specifically API keys so i guess we can't be sure this is 100% client side yet. API keys were hacked from binance's servers last year and there have been recent suspicions of an ongoing problem.


Title: Re: Binance BTC Hack is due to 2FA
Post by: darylalban on May 09, 2019, 06:47:09 PM
I think the million dollar question people are trying to solve is to what degree will we need to prove one's identity. 3FA would work but even something as far as 4FA would be necessary.


Title: Re: Binance BTC Hack is due to 2FA
Post by: bob123 on May 10, 2019, 07:00:37 AM
that's my belief based on the statements binance made, but AFAIK no details about how 2FA and API keys were compromised have been released. have they?

No, unfortunately not.
Currently it can only be assumed, but based on their statements it sounded like it's not a security problem on their end.



they have urged all users to change passwords, 2FA, and most specifically API keys so i guess we can't be sure this is 100% client side yet.

This indeed sounds strange.
But I guess that's not a clue towards server side problems.

They might want all users to change their secret information because of a server-side security breach or because they believe there are more keys somehow leaked / stolen.



API keys were hacked from binance's servers last year and there have been recent suspicions of an ongoing problem.

Were they?

I remember that most (if not all) people had their API key entered into a 3rd party trading software/script.
And this software had maliciously used the API keys to buy (and pump) a worthless coin, which has been sold by the attacker to get lots of profit out of it.

I didn't see any news regarding the security of binance being compromised. IIRC it was 100% users' fault back then.


Title: Re: Binance BTC Hack is due to 2FA
Post by: TheHas on May 10, 2019, 10:04:27 AM

It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..

But the issue wasn't that people were careless with their 2fa or passwords. The issue was that Binance had a security breach that circumvented these security checks.

I get that in crypto you are responsible for your own security - but in this case the problem wasn't the user, it was the 'trusted' and apparently 'safu' centralized exchange, who has such an inflated sense of self importance that they were considering risking the entire integrity of Bitcoin through a roll back.


Title: Re: Binance BTC Hack is due to 2FA
Post by: bob123 on May 10, 2019, 11:17:28 AM
It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..

But the issue wasn't that people were careless with their 2fa or passwords. The issue was that Binance had a security breach that circumvented these security checks.

I get that in crypto you are responsible for your own security - but in this case the problem wasn't the user, it was the 'trusted' and apparently 'safu' centralized exchange, who has such an inflated sense of self importance that they were considering risking the entire integrity of Bitcoin through a roll back.


Do you have any source for this statement?

I can't find any news stating that binance's security was compromised.


Title: Re: Binance BTC Hack is due to 2FA
Post by: LuckyBtc on May 10, 2019, 01:41:23 PM
It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..

But the issue wasn't that people were careless with their 2fa or passwords. The issue was that Binance had a security breach that circumvented these security checks.

I get that in crypto you are responsible for your own security - but in this case the problem wasn't the user, it was the 'trusted' and apparently 'safu' centralized exchange, who has such an inflated sense of self importance that they were considering risking the entire integrity of Bitcoin through a roll back.


Do you have any source for this statement?

I can't find any news stating that binance's security was compromised.
Someone on Twitter is claiming he had found a glitch that could let him/her bypass 2fa and captcha on iOS devices. He had reported it to Binance but was ignored.
https://twitter.com/pacpoker/status/1094814265981190145?s=19


Title: Re: Binance BTC Hack is due to 2FA
Post by: bob123 on May 10, 2019, 02:14:11 PM
Someone on Twitter is claiming he had found a glitch that could let him/her bypass 2fa and captcha on iOS devices. He had reported it to Binance but was ignored.
https://twitter.com/pacpoker/status/1094814265981190145?s=19

This was 3 months ago. And he didn't make the glitch public, which he said he would do.

Furthermore the 2FA is checked server-side. So technically it is not possible to bypass 2FA by manipulating the client (in this case: the iOS app).

IMO this was just a bad joke. And far away from being a 'source' to the statement that binance had a security breach.


Title: Re: Binance BTC Hack is due to 2FA
Post by: Patatas on May 10, 2019, 06:18:48 PM
With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/
Do you actually believe that news? Apart from bitcointalk, every other community thinks it's an inside job which I pretty much agree with. It's not the first time, nor the last, that these exchange owners like to fuck around with the traders. At this point, I've digested it.


Title: Re: Binance BTC Hack is due to 2FA
Post by: squatter on May 11, 2019, 07:06:37 AM
Do you actually believe that news? Apart from bitcointalk, every other community thinks it's an inside job which I pretty much agree with. It's not the first time, nor the last, that these exchange owners like to fuck around with the traders. At this point, I've digested it.

If they're covering the lost funds from their own money, why would you assume it's an inside job? What does Binance have to gain by telling the world they got hacked?


Title: Re: Binance BTC Hack is due to 2FA
Post by: TravelMug on May 12, 2019, 05:00:09 AM
Someone on Twitter is claiming he had found a glitch that could let him/her bypass 2fa and captcha on iOS devices. He had reported it to Binance but was ignored.
https://twitter.com/pacpoker/status/1094814265981190145?s=19

This was 3 months ago. And he didn't make the glitch public, which he said he would do.

Furthermore the 2FA is checked server-side. So technically it is not possible to bypass 2FA by manipulating the client (in this case: the iOS app).

IMO this was just a bad joke. And far away from being a 'source' to the statement that binance had a security breach.

I agree, as per Binance they said the hackers were able to obtain 2FA and Google authentication through a phishing attack. So there's no way that Binance itself can see if indeed it was from the hacker because they were able to get entry through right channels.