Bitcoin Forum
November 14, 2019, 09:04:50 PM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Binance BTC Hack is due to 2FA  (Read 309 times)
darklus123
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 582


LocalEthereum.com


View Profile
May 09, 2019, 05:58:46 AM
 #21

Hackers will will obtain new ways to really hack our accounts here in crypto. That's why first thing we really do is not to leave huge money in our trading account. 2FA was touted to be the best solutions when is was released years ago, but look at where we are today. Those hackers are really that smart and will always find ways any loopholes in the system even if we have this 3FA.

It is because there is no such system called perfect one. Sadly if you are a huge trader you really need to put a lot of amounts to certain exchanger and you can't do something about it.

The question here if it really happened or this was just a propaganda for them to take advantage.

████
████
████
████
████          
████             █████████▄
████           ██████████████
████          ██████     ██████
████         ██████       █████
██████████████████████████████
█████████████████████████████▀
              ██████▄
               ██████████████
                 ████████████
  LocalEthereum    50+ Ways To Buy & Sell Ethereum (ETH)   ▄████████████████████▄
██████████████████████
██████████████████████
██████▀▀██████████████
████▀░░░░▀████████████
███▀░░▄▄░░░░░░░░░░████
███▄░░▀▀░░▄▄░░▄▄░░████
████▄░░░░▄██▄▄██▄▄████
██████▄▄██████████████
██████████████████████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
██████████████████████
█████░░▀▀░░░░▀▀░░█████
█████░░░░░░░░░▄░░█████
█████▄░░░░░░▄▀░░▄█████
██████░░░▀▄▀░░░░██████
███████░░░░░░░░███████
████████░░░░░░████████
█████████▄░░▄█████████
██████████████████████
▀████████████████████▀
No verificationsNon-Custodial
Built-in Escrow   ● External Wallet Integration
1573765490
Hero Member
*
Offline Offline

Posts: 1573765490

View Profile Personal Message (Offline)

Ignore
1573765490
Reply with quote  #2

1573765490
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573765490
Hero Member
*
Offline Offline

Posts: 1573765490

View Profile Personal Message (Offline)

Ignore
1573765490
Reply with quote  #2

1573765490
Report to moderator
GetAurox
Copper Member
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
May 09, 2019, 06:07:49 AM
 #22

Seems like another swim swapping incident.
cipherhut
Newbie
*
Offline Offline

Activity: 99
Merit: 0


View Profile WWW
May 09, 2019, 06:08:43 AM
 #23

2FA then 3FA then what? Hackers will definitely find loopholes to break the security walls, to restrict such incidences we need to explore the biometric section where we can trace the unique identity and it will at least minimizes the intensity of getting hacked.

squatter
Hero Member
*****
Online Online

Activity: 1274
Merit: 942


STOP SNITCHIN'


View Profile
May 09, 2019, 06:19:52 AM
 #24

Imagine being in a mcdonalds and everyone walks up and orders something from the cashier at the same time, that is what is going on here.
Why not make them form a line and take each customer one at a time? or 3-4...

Because that would be incredibly slow and customers would complain about withdrawal delays. It would also be costly (transaction fee wise) and bad for the Bitcoin network because they couldn't batch transactions.

It is pretty simple you set up a system where "if certain amount of users withdraw or alts are being traded and exchanged for btc which exceeds above normal a rate of traffic by 1.5x or 2x transactions" exec queue timer.

They are trying to support large scale API trading... bots, algorithms. Is that a realistic approach?

With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

If SIM card porting was required, then 2FA (with OTP authentication like Google Authenticator) is still fine going forward.

Nadziratel
Sr. Member
****
Offline Offline

Activity: 854
Merit: 270



View Profile
May 09, 2019, 06:27:18 AM
 #25

No matter how hard we try. One day they will find a way again. This is the life story of mankind. First, the disease occurs, then the humanity to deal with. Sometimes the solution comes in days. Sometimes it takes years. There's not a lot we can't come up with. I'm sure there will be an extra security measure now and this will be enough for a while. Then we will experience the same things ... The nature of mankind ...

Kakmakr
Legendary
*
Offline Offline

Activity: 1834
Merit: 1381

CryptoTalk.Org - Get Paid for every Post!


View Profile
May 09, 2019, 06:44:51 AM
Merited by TimeBits (1)
 #26

In the end, most security measures can be circumvented if people are working from the inside to enable these hacks to take place or through negligence.  Roll Eyes  We had a incidence with our home security where someone was working for the security company and he was retrenched when the company struggled.

So being homeless and angry, he sold the database of the sensitive passwords that you give to the security company when the alarm goes off and these people broke into several houses without any security staff responding to the alarm. <All of the victims had landlines, so they just answered the landline when the security company phoned and gave them the password.>  Angry

Social engineered "hacks" are very difficult to stop, because you dealing with people.  Roll Eyes

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
omone1
Member
**
Offline Offline

Activity: 350
Merit: 11

JESUS THE WAY, THE TRUTH AND THE LIFE


View Profile
May 09, 2019, 07:05:13 AM
 #27

Never heard of 3FA before. Just as someone has pointed out if we adopt 3FA, its a matter of time, it will still be hack and we may have to migrate to 4FA and when this is breach, we will have to move on to a higher version and this will go on and on while losses continue to be suffered. I really hope for a technology that can't be compromised, but this is almost impossible. Maybe I phone engineers and other cyber engineers should step in. I wonder how John MaCafee can help in this case, he should drop finding Satoshi for now and see solution to this.

FreeEarnsActivist
Jr. Member
*
Offline Offline

Activity: 124
Merit: 8


View Profile
May 09, 2019, 07:09:17 AM
 #28

If someone interested in an analysis of the transaction, where btc go take a look at Coinfirm analysis: https://twitter.com/Coinfirm_io/status/1126082101080743938
Herbert2020
Legendary
*
Offline Offline

Activity: 1750
Merit: 1132



View Profile
May 09, 2019, 07:14:04 AM
 #29

stop trying to come up with new methods of increasing security. there are already excellent methods available that millions of people are using correctly and have never had any problems. just because someone used some methods in the wrong way which led to a catastrophe of this size it doesn't mean you should reinvent the wheel.

Crypto Girl
Sr. Member
****
Offline Offline

Activity: 980
Merit: 290


View Profile
May 09, 2019, 07:16:24 AM
 #30

Hackers will will obtain new ways to really hack our accounts here in crypto. That's why first thing we really do is not to leave huge money in our trading account. 2FA was touted to be the best solutions when is was released years ago, but look at where we are today. Those hackers are really that smart and will always find ways any loopholes in the system even if we have this 3FA.

It is because there is no such system called perfect one. Sadly if you are a huge trader you really need to put a lot of amounts to certain exchanger and you can't do something about it.

The question here if it really happened or this was just a propaganda for them to take advantage.
That was the rumors was about that it's just a show up and poor traders that's been under had nothing to do but to pray for their money. Though, it's under SAFU but still it just prove how vulnerable the system is.

Anyway, they should push through the 3fa to bring back the trust and confidence in the platform, after all it's their liabilities.

I use this provider to trade Cryptos : Bitcoin Revolution
hahahafr
Hero Member
*****
Offline Offline

Activity: 924
Merit: 501



View Profile
May 09, 2019, 07:41:54 AM
 #31

It's so sad that these hackers always get to have their way with the funds of users as and when they please. I believe it is time we really give the development of Decentralized Exchanges some level of attention because no matter how these centralized exchanges claim they are they still get hacked.




                                           ◢◣                      ◢◣
                                     ◢████◣           ◢████◣
                               ◢████████◣◢████████◣
                               █████████████████
                               █████████████████
                               █████████████████
                               █████████████◤██████
                               ███████████◤████████
                               █████████◤██████████
                               ███████◤████████████
                               █████◤██████████████
                               █████◣                       ◢█████
                               ███████◣            ◢███████
                               █████████◣◢█████████
                               ◥████████◤◥████████◤
                                    ◥████◤            ◥████◤
                                          ◥◤                      



HYDAX
       Secure  
   Efficient
   Simple  
   Medium 
    Twitter  
    Telegram 
[/center
hungsanh2512
Full Member
***
Offline Offline

Activity: 437
Merit: 100



View Profile
May 09, 2019, 07:53:44 AM
 #32

I think the current situation of binance. 3FA is also gradually used. At least it will make people feel more confident and confident. Any form will have its advantages and disadvantages. People are still the key to all security.
TheKeyLongThumbI
Full Member
***
Offline Offline

Activity: 448
Merit: 100


View Profile
May 09, 2019, 08:20:52 AM
 #33

With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/


What? All this time I thought that activating 2fa on all my accounts made me feel that my funds are very secured but now it is vulnerable? Then that 3FA approach is useless then. I think we need more softwares to successfully track this hackers instead of buffing up the security measures each time it gets breached because these hackers will just study it until they crack the code again and again.
bob123
Legendary
*
Offline Offline

Activity: 1078
Merit: 1571



View Profile WWW
May 09, 2019, 08:35:10 AM
 #34

3Fa would certainly change things.

I don't think so.

Most people are lazy as f**k. They would probably use 1 device (e.g. their mobile) for the 2nd and 3rd factor, therefore basically creating a 2FA again.

If done properly, it definitely increases the security. But i doubt the majority will be able to handle this correctly.



What? All this time I thought that activating 2fa on all my accounts made me feel that my funds are very secured but now it is vulnerable?

It is not vulnerable.
But if you don't know how to protect your sensitive information... it is only your fault.

It's like saying "I thoughts passwords are secure, now my account is at risk if i tell everyone my password ?".

If you keep your 2FA codes secure, so that noone except for you can access them, it is safe.
If you share your 2FA codes (or they can be accessed by other in any other way), it is not.

CryptoBry
Sr. Member
****
Offline Offline

Activity: 924
Merit: 338


CryptoTalk.Org - Get Paid for every Post!


View Profile
May 09, 2019, 08:56:45 AM
 #35

Quote
What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

This 3FA can be coming soon triggered by what just happened in Binance which resulted into the loss of around $40 Million dollars putting the security measures of Binance into question. Now, this can be a little bit funny, because when hackers can find out the best to go around with 3FA we can expect to get 4FA. I am then suggesting that to pole-vault the technology on this side, why not go directly to 6FA so that hackers can have a hell of time destroying its protection? Okay, am just kidding but then why not, right?

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
CryptoTalk.org| 
MAKE POSTS AND EARN BTC!
🏆
LuckyBtc
Legendary
*
Offline Offline

Activity: 1204
Merit: 1010



View Profile
May 09, 2019, 09:11:34 AM
 #36

With the recent Binance hack of 7,000 BTC cyber security firm Ciphertrace pointed out that the reason hackers were able to obtain API keys, 2FA codes and other info was due to hacking hot wallets using a two factor approach, social engineering and SIM card porting of phone numbers.

What Dave Jevans recommends moving forward is a 3FA approach. Has anyone used this or what are your thoughts?

https://cryptobriefing.com/binance-promises-to-cover-7000-btc-lost-in-hack/


What? All this time I thought that activating 2fa on all my accounts made me feel that my funds are very secured but now it is vulnerable? Then that 3FA approach is useless then. I think we need more softwares to successfully track this hackers instead of buffing up the security measures each time it gets breached because these hackers will just study it until they crack the code again and again.
One solution is just to use DEX, We need people to start using DEX and protect themselves from hackers, We should be responsible for our own protection. Hardware wallet + dedicated OS for crypto transactions should be used I think.

.
▄███▄       ▄▄██████▄▄     ▄▄██████▄▄     ▄▄██████▄▄
█████    ▄██████████████▄██████████████▄ █████████████▄
 ▀▀▀    ▄███████████████████████████████▄ █████████████▄
 ▄▄▄   ▄█████▀      ▀███████▀      ▀█████▄ ▀      ▀█████▄
█████  █████          █████          █████          █████
█████  █████          █████          █████          █████

█████  █████          █████          █████          █████

█████  █████          █████          █████        ▄█████▀

█████  █████          █████          ███████████████████

█████  █████          █████          █████████████████▀

 ▀▀██   ▀▀██            ▀██           ▀▀██████████▀▀
███████████████████████████████████████████████████████████████████████████████████████████
.

.IMO Ecosystem.
.
███████████████████████████████████████████████████████████████████████████████████████████
██   ██
 ██   ██
  ██   ██
   ██   ██
    ██   ██
     ██   ██
     ██   ██
    ██   ██
   ██   ██
  ██   ██
 ██   ██
██   ██
pokermaniacxxx
Newbie
*
Offline Offline

Activity: 54
Merit: 0


View Profile
May 09, 2019, 09:39:02 AM
 #37

This is really bad news... Binance should have invested more in security
joshy23
Sr. Member
****
Offline Offline

Activity: 910
Merit: 252



View Profile
May 09, 2019, 10:36:58 AM
 #38

It's so sad that these hackers always get to have their way with the funds of users as and when they please. I believe it is time we really give the development of Decentralized Exchanges some level of attention because no matter how these centralized exchanges claim they are they still get hacked.
Whatever they claimed that they are safe, hackers job is to keep trying to penetrate the security of the exchange so for sure they will find ways
to do that, they will keep doing it until finally got a victim and enjoy the sucked profits from someone's wallet. really need to be more extra careful
whenever you have good amount of money inside the exchange.



BIG WINNER!
[15.00000000 BTC]


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░▄███
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████
██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░
▀██░▄▄▄▄░████▄▄██▄░░░░
▄████████████▀▀▀▀▀▀▀██▄
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄
▀██░████████░███████░█▀
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████
▀████████████████████▀




Rainbot
Daily Quests
Faucet
TheHas
Full Member
***
Offline Offline

Activity: 616
Merit: 167


View Profile
May 09, 2019, 11:08:36 AM
 #39

I doubt 3fa will make much difference in the longterm, just like 2fa didnt make a difference l.

My fiat bank doesn't require 3fa, so why is that the answer for a crypto exchange?

To use an analogy, instead of investing in 3 padlocks, it would be more secure to invest in a Safe. I feel like 3fa is just adding an extra layer of the same depth of security.

When Binance finishes their investigation, I doubt 3fa will be their recommended action for this hack.
bob123
Legendary
*
Offline Offline

Activity: 1078
Merit: 1571



View Profile WWW
May 09, 2019, 11:17:17 AM
 #40

One solution is just to use DEX, We need people to start using DEX and protect themselves from hackers, We should be responsible for our own protection.

People weren't able to protect their API-keys and 2FA codes which lead to the loss of funds.
So how should they going to be capable of protecting their private keys..



This is really bad news... Binance should have invested more in security

Binance's security is fine. Based on all information, it is each users fault for not protecting his 2FA codes / API keys.
It hasn't been mentioned anywhere that there was some security breach.



Whatever they claimed that they are safe, hackers job is to keep trying to penetrate the security of the exchange so for sure they will find ways
to do that

That's true, but in this case it the fault of each affected user individually.



To use an analogy, instead of investing in 3 padlocks, it would be more secure to invest in a Safe.

It is the user who has to use the safe (i.e. securely storing api key / 2FA codes).
Binance can't force anyone to protect their password / 2FA code / etc..

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!