Bitcoin Forum
June 19, 2019, 12:14:57 AM *
Author Topic: [2019-05-08] Binance Confirms 7000BTC ($40m) Security Breach  (Read 365 times)
bbc.reporter
May 08, 2019, 02:54:49 AM
 #1

The biggest and most trustworthy exchanges in the cryptospace should not be hacked. This will not give the users any confidence to trade or to deal more in the cryptospace.

Binance is collecting millions in fees. Can it be given an excuse to be this incompetent?



Changpeng Zhao, CEO of popular cryptocurrency exchange, Binance has confirmed that the platform witnessed a security breach for the first time with the hackers being able to withdraw 7000 BTC ($40 million) in one single transaction. The confirmation came after several leads within the crypto community rumored that such funds had left Binance’s hot wallets before the exchange announced a sudden “unscheduled server maintenance.”

As per the update released by the exchange, the incident took place on May 7, 2019, at 17:15:24 (UTC). The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said.

Moving further, the exchange said the hackers were patient enough to “wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” thus allowing them to bypass existing security checks.


Read in full https://coinfomania.com/binance-hack-7000btc-security-breach/

vit05
May 08, 2019, 03:03:23 AM
 #2

That would leave a lot of exchanges bankrupt, but for the binance, neither tickles does. But it's one more case involving their API. It seems like an excellent tool for hackers to explore. Much better than trying to steal from users. Explore the failing system of them API + 2fa.
CryptoBry
May 08, 2019, 03:04:16 AM
 #3



Binance is supposed to be beyond hacking as we expect that it can avail of the best and the most expensive security technology available at hand. Unfortunately, nothing is really secured in our modern interconnected world as hackers, phishers, scammers and all their cohorts are one step ahead of the game. In fact, the best way to do is to hire those hackers into your side...this is a good idea that Binance should look into. The reality is that Binance can be hacked, what about ordinary guys and gals like us?

serjent05
May 08, 2019, 03:43:50 AM
 #4

The question is how would that large amount go out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for upgraded one. One of the comments on one of the articles regarding that hack stated:

captured from: https://techcrunch.com/2019/05/07/binance-breach/

which makes sense.

hatshepsut93
May 08, 2019, 04:59:56 AM
 #5

The article doesn't go into detail, does anyone know how exactly the credentials were stolen - were they taken from the servers or from clients? Either way, they should have added more security measures for scenarios like this, maybe some manual reviewing of withdrawals when there's a sudden spike of activity.

The question is how would that large amount go out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for upgraded one. One of the comments on one of the articles regarding that hack stated:

captured from: https://techcrunch.com/2019/05/07/binance-breach/

which makes sense.

7000/25 = 280

Hackers only needed to pwn 280 accounts in best case, so if it indeed happened, a few thousand of really wealthy accounts can be enough to steal 7000 BTC.

fisheater
May 08, 2019, 05:34:04 AM
Merited by richardsNY (1)
 #6

Wondering why people put so many btc in their accounts, exchange is good for trading, but not for storing values.
figmentofmyass
May 08, 2019, 06:31:15 AM
 #7

all of the articles repeat the same report from binance---that the hackers used "several techniques over a long period of time" such as "phishing, viruses and other attacks". combined with CZ's comments that the attack was coordinated across "multiple seemingly independent accounts" at once, it sounds like the attackers compromised accounts on the client side and quietly waited to execute an attack across many accounts at once.

thank goodness for the safu fund.....

davis196
May 08, 2019, 06:33:28 AM
Merited by richardsNY (1)
 #8

Another reason why big centralized cryptocurrency exchange platforms are obsolete and we need to move to peer-to-peer crypto trading. Every time the crypto prices start increasing something bad happens.
Can't people understand that crypto exchange websites are the same as banks, except that they are more vulnerable.

Juggy777
May 08, 2019, 07:54:21 AM
 #9

The biggest and most trustworthy exchanges in the cryptospace should not be hacked. This will not give the users any confidence to trade or to deal more in the cryptospace.

Binance is collecting millions in fees. Can it be given an excuse to be this incompetent?

Changpeng Zhao, CEO of popular cryptocurrency exchange, Binance has confirmed that the platform witnessed a security breach for the first time with the hackers being able to withdraw 7000 BTC ($40 million) in one single transaction. The confirmation came after several leads within the crypto community rumored that such funds had left Binance’s hot wallets before the exchange announced a sudden “unscheduled server maintenance.”

As per the update released by the exchange, the incident took place on May 7, 2019, at 17:15:24 (UTC). The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said.

Moving further, the exchange said the hackers were patient enough to “wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” thus allowing them to bypass existing security checks.


Read in full https://coinfomania.com/binance-hack-7000btc-security-breach/

I feel sad for users who had kept their money on Binance, and possibly have lost their coins forever. In my opinion this is a lesson for all: do not store your coins on an exchange, as they’re bound to be hacked sooner or later. It’s pertinent to note that Binance CEO has confirmed they’re not proceeding with a Rollback to recover the hacked coins.

buwaytress
May 08, 2019, 08:28:25 AM
Merited by richardsNY (1)
 #10

Biggest and most trustworthy? Reputation is such a funny thing, isn't it? Mt Gox was by far the biggest and most trustworthy, so much so even devs recommended using them. The biggest names in Bitcoin owners also were using them. And both probably also said they had the best security at the time.

Did that prevent them from getting hacked?

If people aren't going to learn to not keep Bitcoin at these exchanges, then hackers aren't going to suffer from a lack of targets.

1Referee
May 08, 2019, 08:53:27 AM
Merited by richardsNY (1)
 #11

I feel sad for users who had kept their money on Binance, and possibly have lost their coins forever. In my opinion this is a lesson for all: do not store your coins on an exchange, as they’re bound to be hacked sooner or later.
Why feel sad? It's people's own responsibility to not store any number of coins in an exchange, regardless of the purpose. People haven't lost anything at the end of the day, there is the much memed but very important Safu fund that contains enough funds to cover this 7000BTC theft.

It’s pertinent to note that Binance CEO has confirmed they’re not proceeding with a Rollback to recover the hacked coins.
There is no such a thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....

Obao6
May 08, 2019, 08:58:28 AM
 #12

Now is a good time for him to tell us to use his DEX.
ePesoInitiative
May 08, 2019, 09:04:46 AM
 #13

The question is how would that large amount go out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for upgraded one. One of the comments on one of the articles regarding that hack stated:

captured from: https://techcrunch.com/2019/05/07/binance-breach/

which makes sense.

This article explains how Binance's automation was exploited. The hacker may have not known any Binance private keys. The prize for hackers is so big that the best hackers have been targeting Binance for months. They were patient, a real pro or pros.
BitHodler
May 08, 2019, 09:53:50 AM
 #14

There is no such a thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....
I don't think he intended to inflict harm on Bitcoin. It was a very impulsive thought that popped up in his head he now seems to distance himself from. He always tries to come up with ways to solve problems.

Sometimes these ways are viable and sometimes they are not. CZ figured out that even he as most influential exchange operator couldn't get this something done. I am glad that this happened because it's an important lesson.

CZ admitted in one of his Tweets that Bitcoin's ledger is the most immutable ledger on the planet. He understands it now.

roosbit
May 08, 2019, 11:37:02 AM
 #15

This is an interesting line "The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said."...are they saying users will not be compensated because the hack mimicked a normal trade/transaction?

blurryeyed
May 08, 2019, 03:10:36 PM
Merited by richardsNY (1)
 #16

So yet another centralized exchange goes rogue, I'm not buying their explanations. I warned about trusting this exchange only a month ago in a different thread:

https://bitcointalk.org/index.php?topic=5115764.msg50029495#msg50029495

...sure enough, it's happened again.  Time & time again this happens with centralized exchanges & time & time again people keep using them - STOP IT!

As I said in that thread, trusted centralized exchanges don't exist & never will, because they are centralized.

If you must use an exchange, use a decentralized one or localbitcoins.

pixie85
May 08, 2019, 03:51:44 PM
 #17

This is an interesting line "The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said."...are they saying users will not be compensated because the hack mimicked a normal trade/transaction?

But how did they withdraw 40 million dollars? Somebody has to be sitting there and checking this. I can't believe they are allowing automated withdrawals of 1 million dollars.

They used multiple accounts so even if there were 40 fake transactions it's still 1 million dollars per transaction. It doesn't happen very often that somebody withdraws BTC worth a million dollars all at once and 40 million in 1 day should be a big red light for the staff even if it's divided between many accounts.

richardsNY
May 08, 2019, 04:23:31 PM
 #18

CZ admitted in one of his Tweets that Bitcoin's ledger is the most immutable ledger on the planet. He understands it now.

If he really believed that, he wouldn't even think about bringing it up. Could it be ignorance? It could be, but you would expect him to know how Bitcoin works considering that it is what his exchange depends on the most. He also needs BTC to dump his BNB stash on people and accumulate as much BTC as possible before his ponzi coin and exchange go bust.

Now is a good time for him to tell us to use his DEX.

It's not a DEX. It's a centralized shithole to pump his BNB ponzi coin.
webtricks
May 08, 2019, 04:40:05 PM
 #19

all of the articles repeat the same report from binance---that the hackers used "several techniques over a long period of time" such as "phishing, viruses and other attacks". combined with CZ's comments that the attack was coordinated across "multiple seemingly independent accounts" at once, it sounds like the attackers compromised accounts on the client side and quietly waited to execute an attack across many accounts at once.

thank goodness for the safu fund.....

And what if these well-orchestrated actions are actually coming from within the team or from Binance as a whole? Whom can we trust in the internet-space after all! Or it may be a marketing strategy, I have seen more aggressive marketing tactics than this. I won't be surprised if CZ comes back on Twitter tomorrow and announces this all was just a part of promotion of Binance's SAFU fund service!

Now is a good time for him to tell us to use his DEX.
DEX? You mean the type of exchange where bots run the game? The moment you put sell order, bot puts one with fraction less price. All you can do is sell at Buy Price and cry because creating own order which really gets filled is a dream on DEX!

stompix
May 08, 2019, 04:54:13 PM
Last edit: May 08, 2019, 05:11:21 PM by stompix
 #20

It’s pertinent to note that Binance CEO has confirmed they’re not proceeding with a Rollback to recover the hacked coins.
There is no such a thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....

I imagine CZ:
- Rollback, the funds must be SAFU!
- We can't rollback, that is not our currency!
- Get me the devs, the funds must be SAFU!
- Bitcoin devs can't do that either!
- Find satoshi and rollback or I delist, funds must be SAFU!!!

I told you that when he said he is going to delist bitcoinsv we're opening a pandora's box?
Most of you said that yeah, it's a shit coin, must be delisted, let's hear your opinion when exchanges are going to force rollbacks ;P

Now is a good time for him to tell us to use his DEX.

DEX is just another unicorn that won't work and when it finally comes up you realize you've ended with a mule.
