Hackers stole 7,000 bitcoins from a portfolio on Binance, equivalent to US$ 61 million at the current exchange rate. This means an amount equivalent to 2% of the total assets in BTC at Binance at the time of the fraud. The hacking at Binance froze the deposit and withdrawal services for a week. The activities were back to normal on May 15th. But how such a failure could occur in one of the most popular exchanges in the world?
The hackers would have managed to obtain users’ API keys and check codes of two factors. For this purpose, they had used techniques such as phishing and viruses inserts to access the data, according to the article published in the Guide of the Bitcoin,
According to the CIO of Transfer Swiss AG, Márlyson Silva, one of the possible causes for the hacking assault at Binance was the offer of a too low bug bounty prize to the hackers hired by the company to find flaws in the system. As a result, many flaws have been found in the pre-production environment and not properly reported. Whereas the “prize” for a real invasion would be greater. “This social engineering with the ‘ white hackers ‘ had failed. Thus, in pre-production environment any malicious character manages to gather information to implement an invasion, “says Silva.
Hack orchestrated
According to the exchange, seemingly the hackers would have orchestrated the attack. In this way, they´ve managed to evade security checks before the exchange could block the withdrawal. The hack of Binance, according to Silva, would have been from both the institution and the portfolio owner. “The service provided by Binance is very much appreciated, so there’s a feeling of reliance in entrusting the crypto under the custody of the institution. Yet, the biggest fault is from the institution, for the way they had guided the bug bounty”, he says.
Another weakness of the Binance system was the two-factor authentication. In the technology market, it’s known that two-factor authentication systems that use SMS can be spoofed easily via the mobile SIMCard routing to another device.
The safest place for the bitcoin is in the portfolio
Marlyson Silva also reminds that one of the big banks’ approaches to mitigate the risks is the use of the non reprehensible transaction concept. In other words, the bank asks for experts and PhDs to defend the authentication systems used. Thus, when occurring legal disputes regarding account invasion or credit card cloning, the bank claims that the only explanation to have the system infringed would be a breach opened by the user or client in the first place. For those reasons, it is critical to maintain the authentication services with different passwords. In addition, it is also demanding to maintain a personal history on the use of the systems.
Crypto security specialists say that the safest place to store assets is in the portfolio or users’ portfolio, considering the necessary precautions. So, who owns bitcoins should never leave them on the exchange’s account. In other words, they must take responsibility for the safety of their assets. “Systems are flawed, until today the only system really safe for value transfer that we know of is Bitcoin, which has been performing for 10 uninterrupted years”, ratifies Silva.
The portfolios store private keys – encrypted codes used to generate public keys and the address where the owner´s bitcoins are stored. A standard portfolio creates a text file that contains the owner´s private key. If anyone finds out that key, that individual will be able to have control over the bitcoins’s real owner. That’s why it is important to store it safely in an encrypted disk or computer. It is even worthy to copy on paper and hide it safely.
