Hackers Steal $41m In Bitcoins From Binance Exchange

Hackers have hit the jackpot after attacking one of the world’s largest cryptocurrency exchanges and stealing 7,000 bitcoins.

The heist, said to be worth a staggering $41m, was admitted by Binance in a security breach update issued on Tuesday, and the exchange said that the hackers had used ‘a variety of techniques’ to carry out the robbery.

It is not the biggest theft of bitcoins to date. That honour goes to Mt Gox, which in 2014 was hacked to the tune of $470m. The theft lead to the liquidation of the exchange.

Binance theft

Until that time Mt Gox had been one of the world’s most popular venue for trading and storing bitcoins, and the collapse left thousands of creditors out of pocket.

Mt. Gox CEO Mark Karpeles’ assets were frozen, whilst Mt. Gox was sued for negligence and fraud.

But Binance has pledged to cover the loss when it opened up about the attack.

“We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC),” announced the exchange. “Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks.

“We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” it added. “The hackers were able to withdraw 7000 BTC in this one transaction”

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the exchange lamented. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”

Binance said that would use its secure asset fund to cover this incident in full and that no user funds would be affected.

Binance said that it would conduct a thorough security review, which should take one week. It also warned that deposits and withdrawals will need to remain suspended during this period.

“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime,” the exchange said. “We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”

Expert viewpoints

The security industry has offered its thoughts and at least one expert thought that most cryptocurrency-related businesses underestimate or ignore digital risks.

“Technical details of the breach still remain obscure and it would be premature to make any conclusions at this point of time,” said Ilia Kolochenko, founder and CEO of ImmuniWeb.

“Today, all cryptocurrency-related businesses should be well prepared to defend against constant and sophisticated cyber attacks,” he said. “In reality, however, virtually all of them underestimate or ignore digital risks and allocate scant resources for cybersecurity. Most have to compete on a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.”

“To bring certainty to the cryptocurrency markets clear regulatory standards are required, such as is PCI and PA DSS,” said Kolochenko. “Even if they are not a silver bullet, they greatly reduce both the number and average volume of credit cards theft.”

Another expert warned this hack could dramatically affect the volatility of the currency going forward.

“This announcement could have a damaging effect on cryptocurrencies,” noted Jake Moore, cyber security specialist at ESET. “After the rise and fall of crypto in 2017, people have exercised caution when it comes to digital currencies, so this could dramatically affect the volatility of the currency if people question the security of their finances.”

“It seems to be a very well thought out and targeted attack with a damming outcome for all involved, so it goes without saying that everyone with a Binance account should change their API keys and two-factor authentication methods,” said Moore. “Fortunately, those who have been affected will be reimbursed, but who knows how long they will remain customers.”

This well co-ordinated attack was also noted by another expert.

“What is significant about this attack is that the hackers of Binance they used various techniques – from viruses to phishing account – to gain entry to the ‘hot wallet’, said David Atkinson, CEO of Senseon.

“There is nothing unique or clever in this approach, they didn’t discover a zero day exploit,” said Atkinson. “They simply relied on the fact that Binance would be susceptible to the usual hacking techniques, such as malicious emails where office documents contain malicious programs, and – most importantly – wouldn’t have the ability to recognise that each of these small incidents was part of a larger coordinated attack.”

“This speaks to a wider problem of an inability for companies to cross-reference the security data they collect to identify major attacks like these,” said Atkinson. “This is because organisations of Binance’s size typically have dozens of security solutions, many of which are focused on just one threat vector, that are infamously bad at communicating with one another. This is why the company had no idea that there was an organised heist to steal millions of dollars worth of Bitcoin until it was gone.”

The mistake of keeping a ‘hot wallet’ as a centralised store was also noted by another expert.

“This is a major hack in financial terms, and demonstrates why cryptocurrency exchanges are such ready targets for hackers,” said Irra Ariella Khi, CEO of VChain.”In one foul swoop, hackers made away with 7,000 Bitcoins, assets that are near impossible to recoup now they are gone. A lot will be made of the techniques the criminal gang used to extract the funds, and whether Binance should have been better protected against attacks as simple as phishing. However, the biggest mistake Binance made was holding 2 percent of its total assets in a ‘hot wallet’ in the first place.”

“Time and time again we see organisations holding vast amounts of valuable data in one central store,” said Ariella Khi. “Given enough time, hackers will always find a way to break through the defences, no matter how well this central store is protected. Operating in the world of cryptocurrency, Binance should have understood the value of decentralisation to ensure security.”

Another expert said the attack should serve as a wake up call about the threat levels facing organisations.

“The latest attack which saw hackers use phishing attacks and viruses to steal bitcoins worth $41m from Binance should serve as a wake-up call to IT security operations teams across the globe, underlying the developing threat landscape and reinforcing the notion that all organisations have targets firmly on their backs at all times,” said David Mount, Director of Cofense (formerly PhishMe).

“While Binance has no doubt already begun it’s breach remediation process, cyber-attacks and data breaches, such as this one, are an uncomfortable topic for many organisations,” said Mount. “It’s time for organisations to accept some uncomfortable truths about routine approaches to IT defence and think differently. Businesses need to accept and understand there are inevitabilities when it comes to keeping their business secure. Firstly, they will get targeted by threat actors, mainly because every organisation has data that is of value to someone else and secondly, some attacks will get through their defence programmes.”

And lastly an expert pointed out that phishing remains a firm favourite of the hackers.

“Out of all of the attack methods cyber criminals have the choice of today, phishing remains a firm favourite,” said Ed Macnair, CEO of Censornet. “Phishing is a relatively basic hacking method – where criminals simply add infected links into emails that appear to be from trusted sources – but this attack on Binance exchange shows just how successful it can be. With $41 million dollars stolen, this hack is an example of how phishing cannot be overlooked.”

“In addition to how concerning such a large scale and high-value breach is, certain details of the attack highlight the vast extent of Binance exchange’s negligence,” said Macnair. “Binance have stated that once the attack had taken place, ‘various alarms in their system’ were triggered. This is a very half-hearted attempt to claim that they were effectively monitoring security – of course they would be alerted once such a large sum of money had been stolen.

“The issue is, why were their alarm systems not triggered when the criminals were attempting the hack, and would these alarms have actually been of use?” questioned Macnair. “Binance exchange, alongside many other companies who do not have appropriate security measures in place, need to ensure they step up and protect their customers assets.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

NHS Delays Continue After Windows Outage

Patients told to expect delays into this week as disruption to EMIS booking system leads…

13 hours ago

CrowdStrike Says ‘Significant Number’ Of Systems Back Online

CrowdStrike says 'significant number' of systems affected by global outage now back online, as Russia,…

14 hours ago

VW Chief Discusses Free Trade With China Officials

VW chief executive discusses free and fair trade with Chinese officials in Beijing after EU…

20 hours ago

Editorial: CrowdStrike Outage: Is Our IT Too Fragile?

The recent CrowdStrike outage has caused global IT disruptions, impacting businesses and raising serious concerns…

20 hours ago

Nigeria Fines Meta $220m Over Privacy Infringements

Nigerian competition and consumer agency fines Meta $220m over violations of privacy law, after probe…

20 hours ago

Tesla Production Lines ‘Shut Down’ By Global IT Outage

Some Tesla production lines reportedly shut down by worldwide systems failures linked to CrowdStrike software…

21 hours ago