Binance lost $40.7 million to hackers, which exchange is next!!!

[Ucy]

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

[xtraelv]

why did hackers need BTC, how do they cash it?

They cash it by something called money laundering. Let`s say I hack a exchange and get 7000 bitcoin, I could used a mixer and donate to myself on my stream or a friends stream, I could send it to 1000`s of streamers. Are you going to interrogate each one of them for receiving a donation? Now I the streamer cash out my btc into fiat or get someone else to do it on local bitcoins. They needed the btc because they see it is easier to steal than earn, the banks/governments do the same thing with interest and tax and laws, for example here in Canada only they are allowed to sell the booze and weed GANGSTER THUGS!

this is a streamer https://www.ccn.com/twitch-streamer-receives-a-donation-of-20-bitcoins-while-playing-runescape someone who plays games or makes videos on a live stream.
https://www.youtube.com/watch?v=qDzF7oAeaPA 1.7 btc donation
https://www.youtube.com/watch?v=SDUKB4NWMdM  4btc donation then like 4 and 4 and 4 $73K
https://www.youtube.com/watch?v=FmHAlUnfXRY my fav bitcoin alert

also those beggers you see on all the btc gambling sites and on twitter, they could be used as mixers  

How do they cash it out through the streamers though? You are implying that the streamers are aware that they are going to receive these donations and then cash it out for the hackers, making them partners on that crime, are you not?

Some countries have legislation that considers crypto "personal property". Receiving stolen crypto is receiving stolen goods. Good title cannot pass.

I'm sure a judge has heard "he gave me the car for free" before when dealing with someone in possession of a stolen car and it may well be true. But I doubt it stopped then from receiving a penalty.

During the NEM/XEM coincheck hack the hacker deliberately "donated" crypto to various parties and created may small outputs to try to obfuscate forensic analysis but cluster analysis still tends to follow the trail.

Laundering and cashing out still is a major hurdle for a hacker and carries much risk. A lot of the XEM/NEM was sold at a discount on the darknet. I am sure that over the next few years there will be people that regret buying it and participating in the money laundering.

Thieves have all the time to plan and execute a crime. The thieves know all the details about what they have done. But once the crime is committed - enforcement and investigators have all the time to figure it out.

[leps]

why did hackers need BTC, how do they cash it?

They cash it by something called money laundering. Let`s say I hack a exchange and get 7000 bitcoin, I could used a mixer and donate to myself on my stream or a friends stream, I could send it to 1000`s of streamers. Are you going to interrogate each one of them for receiving a donation? Now I the streamer cash out my btc into fiat or get someone else to do it on local bitcoins. They needed the btc because they see it is easier to steal than earn, the banks/governments do the same thing with interest and tax and laws, for example here in Canada only they are allowed to sell the booze and weed GANGSTER THUGS!

this is a streamer https://www.ccn.com/twitch-streamer-receives-a-donation-of-20-bitcoins-while-playing-runescape someone who plays games or makes videos on a live stream.
https://www.youtube.com/watch?v=qDzF7oAeaPA 1.7 btc donation
https://www.youtube.com/watch?v=SDUKB4NWMdM  4btc donation then like 4 and 4 and 4 $73K
https://www.youtube.com/watch?v=FmHAlUnfXRY my fav bitcoin alert

also those beggers you see on all the btc gambling sites and on twitter, they could be used as mixers  

How do they cash it out through the streamers though? You are implying that the streamers are aware that they are going to receive these donations and then cash it out for the hackers, making them partners on that crime, are you not?

Some countries have legislation that considers crypto "personal property". Receiving stolen crypto is receiving stolen goods. Good title cannot pass.

I'm sure a judge has heard "he gave me the car for free" before when dealing with someone in possession of a stolen car and it may well be true. But I doubt it stopped then from receiving a penalty.

During the NEM/XEM coincheck hack the hacker deliberately "donated" crypto to various parties and created may small outputs to try to obfuscate forensic analysis but cluster analysis still tends to follow the trail.

Laundering and cashing out still is a major hurdle for a hacker and carries much risk. A lot of the XEM/NEM was sold at a discount on the darknet. I am sure that over the next few years there will be people that regret buying it and participating in the money laundering.

Thieves have all the time to plan and execute a crime. The thieves know all the details about what they have done. But once the crime is committed - enforcement and investigators have all the time to figure it out.

I understand all this but I am still wondering how hackers benefit in making donations to streamers or to anything else for that matter. Unless the person receiving that donation is also inside the scam.

The Drug Courier for example, they know that they are carring drugs to deliver to the destination and get paid or are coerced to do it. How do streamers fit in this equation?

[TheHas]

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

That is a major concern. For the sake of transparency Binance should detail exactly how this happened, so we can see if this is an issue that could exist for every exchange, or if this is a Binance specific security issue.

We'll probably get a 'nothing to see here, we fixed it' response. But we'll find out in a week.

[r1s2g3]

Binance API keys have problem and this is the first time they accepted it. There API keys were hacked earlier too.

https://hackernoon.com/how-your-trading-api-keys-can-be-used-to-drain-your-funds-f9148d1e6d33

https://coingape.com/binance-hacked-or-syscoin-blockchain-compromised/

[xtraelv]

I understand all this but I am still wondering how hackers benefit in making donations to streamers or to anything else for that matter. Unless the person receiving that donation is also inside the scam.

The Drug Courier for example, they know that they are carring drugs to deliver to the destination and get paid or are coerced to do it. How do streamers fit in this equation?

By making thousands of payments to random people the hacker can obfuscate transactions made to those involved in the hack.

It would be hard to judge whether a payment was made to a random person or someone involved in the hack.

Some hackers have done this in the past. Clustering of payments usually still make it identifiable.

The theory is that if you give 99% of the stolen funds to strangers it becomes hard for the police to identify the hacker who manages to launder 1% (or more).

Since it is then impossible to determine whether it was a random payment or a payment to the person linked to the crime.

In practice it still can result in being charged with "receiving stolen goods" if someone uses or moves the funds.

[DrDoctor1234]

Poor implementation of a decentralized exchange is different to whether the idea of a decentralized is better or worse than a centralized exchange - I'd say its better.

Not quite the same, but something like DAI/MKR where everything is done through smart contracts to create a CDP, is better than having a central entity do the equivalent work imo.

The alternative is that we keep trusting exchanges like Binance, wait 6-12 months and post the same thing again about how much money was lost this time round.

While I agree with you in part.

All hacks are because a security flaw wasn't considered or patched. Whether centralized or decentralized.

With a DEX - who will do the coding. Coding by consensus ? There are a limited number of people that understand or comprehend the code.  Even the best make mistakes.

Coin networks cannot even get the security right yet. A massive number of coins have been exploited this year and a lot of them haven't even announced it publicly.

It will be a long time before a DEX will provide real benefits over a centralized exchange.(Don't get me wrong - I am pro DEX - but real DEX don't exist yet.)

I'd still prefer coding (or smart contracts) that are open source for anyone to see, rather than a centralized exchange where we don't know wtf is going on.

Does anyone know what the security is like at Binance? Not really. It is intentionally 'secret' for 'security' reasons (didn't help much).

With something like a real DEX, or smart contract set ups like MKR/DAI, anyone can review the coding/contract, and see if they are comfortable with the security from there.

Not saying that DEX is currently perfect, but hopefully over the years it will be much better than what we have now. Like you're saying I hope that a real complete DEX will exist soon.

[leps]

I understand all this but I am still wondering how hackers benefit in making donations to streamers or to anything else for that matter. Unless the person receiving that donation is also inside the scam.

The Drug Courier for example, they know that they are carring drugs to deliver to the destination and get paid or are coerced to do it. How do streamers fit in this equation?

By making thousands of payments to random people the hacker can obfuscate transactions made to those involved in the hack.

It would be hard to judge whether a payment was made to a random person or someone involved in the hack.

Some hackers have done this in the past. Clustering of payments usually still make it identifiable.

The theory is that if you give 99% of the stolen funds to strangers it becomes hard for the police to identify the hacker who manages to launder 1% (or more).

Since it is then impossible to determine whether it was a random payment or a payment to the person linked to the crime.

In practice it still can result in being charged with "receiving stolen goods" if someone uses or moves the funds.

I get it now. Crazy to think that hackers go through all this trouble to get 1% to 10% of the loot. Wouldn't it make more sense to sell it on the darkweb? I know that the darkweb markets were moving the goods through monero transactions but never understood how could they buy monero with btc without being traced from those btc transactions since btc is not completely untraceable.

[dunfida]

Binance API keys have problem and this is the first time they accepted it. There API keys were hacked earlier too.

https://hackernoon.com/how-your-trading-api-keys-can-be-used-to-drain-your-funds-f9148d1e6d33

https://coingape.com/binance-hacked-or-syscoin-blockchain-compromised/

Thanks for the share up!

They do messed up on this one.Hacking incident in the middle of the Hype of their Binance chain is heavily affected.This is just like a broken glass which it would
really be hard to bring it back into its original form when they are trying to fixed but somehow they are trying out their best.

What exchange next? No one would able to know but as long these hackers can see on how they can milk out some money then
we would be just be surprised.

[jossiel]

As he said that's an expensive experience and lesson and I think this wasn't the first time that happened some bugs or hacks on their exchange. The syscoin thing also happened to them.

https://coingape.com/binance-hacked-or-syscoin-blockchain-compromised/

Yeah, this thanks to this link.

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

We don't know when they will be attacking again and yeah it's likely they can attack any exchange that they want. We seem to believe that Binance has the highest security but after the incident our expectation has changed.

[btc_angela]

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

They could be eyeing this exchange for quite some time now. And because Binance is huge, it's worth their time to find weaknesses in the system and that's why they do. So they could literally hit any exchange if those hackers took the time and drain other exchanges money as well.

[Netnox]

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

They could be eyeing this exchange for quite some time now. And because Binance is huge, it's worth their time to find weaknesses in the system and that's why they do. So they could literally hit any exchange if those hackers took the time and drain other exchanges money as well.

So sad that these exchanges are not taking the necessary steps to prevent such malicious activities. As far as I know, the Binance hack was not a sudden attack that happened in a matter of a few seconds. The hackers took at least a few hours to move the coins from the Binance hotwallets. And it surprises me that none of the staff noticed the robbery while it was going on.

[Jating]

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

They could be eyeing this exchange for quite some time now. And because Binance is huge, it's worth their time to find weaknesses in the system and that's why they do. So they could literally hit any exchange if those hackers took the time and drain other exchanges money as well.

So sad that these exchanges are not taking the necessary steps to prevent such malicious activities. As far as I know, the Binance hack was not a sudden attack that happened in a matter of a few seconds. The hackers took at least a few hours to move the coins from the Binance hotwallets. And it surprises me that none of the staff noticed the robbery while it was going on.

It's because there are not warning or red flag about this withdrawals. The hackers obtain the 2FA's and anything related to withdrawals from accounts that why Binance wasn't able to catch want's going on.

Maybe they think it's just a normal withdrawal process that's happening. Until such time they realises or someone reported that there is a hack, but it's too late as the hackers was able to get away already.

[Caladonian]

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange.  They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

They could be eyeing this exchange for quite some time now. And because Binance is huge, it's worth their time to find weaknesses in the system and that's why they do. So they could literally hit any exchange if those hackers took the time and drain other exchanges money as well.

They are good from what they've doing, there's no escape from any target as this hacker/s really have the knowledge and capabilities to breached in
with any securities they will find any possible way just to break and sucked wallets and move away with the money from the exchange.

Time now for every exchange to find good backend support group to take care of securities and protect their business.

[ene1980]

Binance API keys have problem and this is the first time they accepted it. There API keys were hacked earlier too.

https://hackernoon.com/how-your-trading-api-keys-can-be-used-to-drain-your-funds-f9148d1e6d33

https://coingape.com/binance-hacked-or-syscoin-blockchain-compromised/

This is a fucked up revelation by CZ who was promoting and encouraging everyone to keep their coins in the exchange as it is super safe, he should be prosecuted for the mishandling of things and not revealing their security problems to the public, if they really knew that earlier and never reported it to its users, it is a crime to begin with, i am not going back to that exchange in the near future.

[jerry0]

I have some coins in binance.  They do still show up there.  So in this hack, does anyone know what percentage of users were affected?  Were they mostly bitcoin holders?  Were there altcoin holders that got coins hacked?  Or was this only binance wallet?


Did they reimburse users who were affected by this?  Or no users were affected by this?



Also if someone has 2FA enabled, they are not safe from this?

[bradock]

and the  hackers starting to sell users database infos in the darknet its have like 7m user database

[stadus]

and the  hackers starting to sell users database infos in the darknet its have like 7m user database

This is risky, personally I pass the KYC so my information is now not a secret if it's happening.
Even big exchanges can be victim of this, I wish we have some sort of exchange that does not require any KYC,but we cannot do it since they are regulated by the government.

I think Exchanges should be penalize if they got hack as not only our coins are compromised, but our information as well.

[ene1980]

This is risky, personally I pass the KYC so my information is now not a secret if it's happening.
Even big exchanges can be victim of this, I wish we have some sort of exchange that does not require any KYC,but we cannot do it since they are regulated by the government.

I think Exchanges should be penalize if they got hack as not only our coins are compromised, but our information as well.

They will not tell you whether the personal information you gave are safe with them, we have seen many hacks in the past and what happens all of our personal data will appear in some dark site to be sold and only then people will understand the gravity of the incident, every exchange will follow the AML rules so that they do not get in trouble for their business but at what cost in the big question. Yes i support the idea of penalizing the exchange for their reckless behavior for not taking care of their security.

[Clement Kaliyar]

Another news from binance as they went offline all of a sudden citing hard disk error and here is the thread regarding that PREVIOUSLY NOT ALLOWING TRADING it clearly shows that the misfortunes of binance still continues, eager to see what CZ has to say about this issue and whether his confidence still shows up in his tweets  .