[2019-05-08] Binance Confirms 7000BTC ($40m) Security Breach - page 2.

bbc.reporter

legendary

Activity: 2926

Merit: 1440

@Slow death. The solution is for the exchange to be smarter than the thieves. The thieves will never stop trying as long as there is something valuable in the vault.

Quote from: fisheater on May 08, 2019, 01:34:04 AM

Wondering why people put so many btc in their accounts, exchange is good for trading, but not for storing values.

Those people are called whales. They trade cryptocoins by the 100s of thousands of dollars or maybe more in each trade.

Also, I do not know why a rollback was in the discussion for Mr. Changpeng hehehe.

Slow death

legendary

Activity: 3038

Merit: 1100

Leading Crypto Sports Betting & Casino Platform

Quote from: bbc.reporter on May 07, 2019, 10:54:49 PM

Binance is collecting millions in fees. Can it be given an excuse to be this incompetent?

I think you're looking at this tragic event in a very wrong way. They are not incompetent, they are not to blame for have thieves in this crypto world. The biggest problem is the thieves, no one can say that it has an impenetrable security system... there is always some damn thief who will find a way to steal in the system that is considered the safest in the world. We must fight to reduce the actions of these criminals and there must be very harsh penalties against these criminals

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: figmentofmyass on May 08, 2019, 02:14:03 PM

Quote from: stompix on May 08, 2019, 12:54:13 PM

~

to be fair, jeremy rubin floated the idea (as often happens after an event like this, like when mark friedenbach did the same after the bitfinex hack). not CZ. CZ just responded to jeremy's twitter post. it wasn't like CZ was intent on rolling back the network when the hack happened. a bitcoin dev just floated the idea and he fleshed out the idea in the hours following the hack. he probably should have done so in private rather than his live periscope.

obviously the idea was not well conceived or received so it was scrapped fairly quickly.

He might not have been been the one with the idea but for him to even start discussing this is enough:

Quote

After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach

lols

So it went like this?
- CZ, we can make the funds SAFU
......
- JW, no funds SAFU u idiot, we f*** up with BCH I'm not destroying BTC also, SAFU your *****! Grin

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: stompix on May 08, 2019, 12:54:13 PM

I imagine CZ:
- Rollback, the funds must be SAFU!
- We can't rollback, that is not our currency!
- Get me the devs, the funds must be SAFU!
- Bitcoin devs can't do that either!
- Finds satoshi and rollback or I delist, funds must be SAFU!!!

to be fair, jeremy rubin floated the idea (as often happens after an event like this, like when mark friedenbach did the same after the bitfinex hack). not CZ. CZ just responded to jeremy's twitter post. it wasn't like CZ was intent on rolling back the network when the hack happened. a bitcoin dev just floated the idea and he fleshed out the idea in the hours following the hack. he probably should have done so in private rather than his live periscope.

obviously the idea was not well conceived or received so it was scrapped fairly quickly.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: 1Referee on May 08, 2019, 04:53:27 AM

Quote from: Juggy777 on May 08, 2019, 03:54:21 AM

It’s pertinent to note that Binance Ceo has confirmed they’re not proceeding with a Rollback to recover the hacked coins.

There is no such a thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....

I imagine CZ:
- Rollback, the funds must be SAFU!
- We can't rollback, that is not our currency!
- Get me the devs, the funds must be SAFU!
- Bitcoin devs can't do that either!
- Finds satoshi and rollback or I delist, funds must be SAFU!!!

I told you that when he said he is going to delist bitcoinsv we're opening a pandora's box?
Most of you said that yeah, it's a shit coin, must be delisted, let's hear your opinion when exchanges are going to force rollbacks ;P

Quote from: Obao6 on May 08, 2019, 04:58:28 AM

Now is a good time for him to tell us to use his DEX.

DEX is just another unicorn that won't work and when it finally comes up you realize you've ended with a mule.

webtricks

legendary

Activity: 1918

Merit: 1728

Quote from: figmentofmyass on May 08, 2019, 02:31:15 AM

all of the articles repeat the same report from binance---that the hackers used "several techniques over a long period of time" such as "phishing, viruses and other attacks". combined with CZ's comments that the attack was coordinated across "multiple seemingly independent accounts" at once, it sounds like the attackers compromised accounts on the client side and quietly waited to execute an attack across many accounts at once.

thank goodness for the safu fund.....

And what if these well-orchestrated actions actually coming from within the team or from Binance as a whole? Whom can we trust in the internet-space after all! Or it may be a marketing strategy, I have seen more aggressive marketing tactics than this. I won't be surprised if CZ comes back on Twitter tomorrow and announce this all was just a part of promotion of Binance's SAFU fund service!

Quote from: Obao6 on May 08, 2019, 04:58:28 AM

Now is a good time for him to tell us to use his DEX.

DEX? You mean the type of exchange where bots run the game? The moment you put sell order, bot puts one with fraction less price. All you can do is sell at Buy Price and cry because creating own order which really gets filled is a dream on DEX!

richardsNY

legendary

Activity: 1232

Merit: 1091

Quote from: BitHodler on May 08, 2019, 05:53:50 AM

CZ admitted in one of his Tweets that Bitcoin's ledger is the most immutable ledger on the planet. He understands it now.

If he really believed that, he wouldn't even think about bringing it up. Could it be ignorance? It could be, but you would expect him to know how Bitcoin works considering that it is what his exchange depends on the most. He also needs BTC to dump his BNB stash on people and accumulate as much BTC as possible before his ponzi coin and exchange go bust.

Quote from: Obao6 on May 08, 2019, 04:58:28 AM

Now is a good time for him to tell us to use his DEX.

It's not a DEX. It's a centralized shithole to pump his BNB ponzi coin.

pixie85

hero member

Activity: 2170

Merit: 528

Quote from: roosbit on May 08, 2019, 07:37:02 AM

This is an interesting line "The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said."...are they saying users will not be compensated because the hack mimicked a normal trade/transaction?

But how did they withdraw 40 million dollars? Somebody has to be sitting there and checking this. I can't believe they are allowing automated withdrawals of 1 million dollars.

They used multiple accounts so even if there were 40 fake transactions it's still 1 million dollars per transaction. It doesn't happen very often that somebody withdraws BTC worth a million dollars all at once and 40 million in 1 day should be a big red light for the staff even if it's divided between many accounts.

blurryeyed

full member

Activity: 670

Merit: 120

TIME TO BAN THE YOBIT SCAM!!

So yet another centralized exchange goes rogue, I'm not buying their explanations. I warned about trusting this exchange only a month ago in a different thread:

https://bitcointalksearch.org/topic/m.50029495

...sure enough, it's happened again. Time & time again this happens with centralized exchanges & time & time again people keep using them - STOP IT!

As I said in that thread, trusted centralized exchanges don't exist & never will, because they are centralized.

If you must use an exchange, use a decentralized one or localbitcoins.

roosbit

member

Activity: 893

Merit: 43

Random coins :)

This is an interesting line "The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said."...are they saying users will not be compensated because the hack mimicked a normal trade/transaction?

BitHodler

legendary

Activity: 1526

Merit: 1179

Quote from: 1Referee on May 08, 2019, 04:53:27 AM

There is no such a thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....

I don't think he intended to inflict harm on Bitcoin. It was a very impulsive thought that popped up in his head he now seems to distance himself from. He always tries to come up with ways to solve problems.

Some times these ways are viable and some times they are not. CZ figured out that even he as most influential exchange operator couldn't get this something done. I am glad that this happened because it's an important lesson.

CZ admitted in one of his Tweets that Bitcoin's ledger is the most immutable ledger on the planet. He understands it now.

ePesoInitiative

sr. member

Activity: 924

Merit: 260

Quote from: serjent05 on May 07, 2019, 11:43:50 PM

The question is how would that large amount goes out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for upgraded one. One of the comment on one of the article regarding that hack stated:

captured from: https://techcrunch.com/2019/05/07/binance-breach/

which make sense.

This article explains how Binance's automation was exploited. The hacker may have not known any Binance private keys. The prize for hackers is so big that the best hackers have been targeting Binance for months. They were patient, a real pro or pros.

Obao6

newbie

Activity: 25

Merit: 1

Now is a good time for him to tell us to use his DEX.

1Referee

legendary

Activity: 2170

Merit: 1427

Quote from: Juggy777 on May 08, 2019, 03:54:21 AM

I feel sad for users who had kept their money on Binance, and possibly have lost their coins forever. In my opinion this is a lesson for all do not store your coins on an exchange, as they’re bound to be hacked sooner or later.

Why feel sad? It's people's own responsibility to not store any number of coins in an exchange, regardless of the purpose. People haven't lost anything at the end of the day, there is the much memed but very important Safu fund that contains enough funds to cover this 7000BTC theft.

Quote from: Juggy777 on May 08, 2019, 03:54:21 AM

It’s pertinent to note that Binance Ceo has confirmed they’re not proceeding with a Rollback to recover the hacked coins.

There is no such a thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....

buwaytress

legendary

Activity: 2842

Merit: 3536

Join the world-leading crypto sportsbook NOW!

Biggest and most trustworthy? Reputation is such a funny thing, isn't it? Mt Gox was by far the biggest and most trustworthy, so much so even devs recommended using them. The biggest names in Bitcoin owners also were using them. And both probably also said they had the best security at the time.

Did that prevent them from getting hacked?

If people aren't going to learn to not keep Bitcoin at these exchanges, then hackers aren't going to suffer from a lack of targets.

Juggy777

hero member

Activity: 2646

Merit: 686

Quote from: bbc.reporter on May 07, 2019, 10:54:49 PM

The biggest and most trust worthy exchanges in the cryptospace should not be hacked. This will not give the users any confidence to trade or to deal more in the cryptospace.

Binance is collecting millions in fees. Can it be given an excuse to be this incompetent?

Changpeng Zhao, CEO of popular cryptocurrency exchange, Binance has confirmed that the platform witnessed a security breach for the first time with the hackers being able to withdraw 7000 BTC ($40 million) in one single transaction. The confirmation came after several leads within the crypto community rumored that such funds had left Binance’s hot wallets before the exchange announced a sudden “unscheduled server maintenance.”

As per the update released by the exchange, the incident took place on May 7, 2019, at 17:15:24 (UTC). The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said.

Moving further, the exchange said the hackers were patient enough to “wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” thus allowing them to bypass existing security checks.

Read in full https://coinfomania.com/binance-hack-7000btc-security-breach/

I feel sad for users who had kept their money on Binance, and possibly have lost their coins forever. In my opinion this is a lesson for all do not store your coins on an exchange, as they’re bound to be hacked sooner or later. It’s pertinent to note that Binance Ceo has confirmed they’re not proceeding with a Rollback to recover the hacked coins.

davis196

hero member

Activity: 2968

Merit: 913

Another reason why big centralized cryptocurrency exchange platforms are obsolete and we need to move to peer-to-peer crypto trading.Every time the crypto prices start increasing something bad happens. Grin

Can't people understand that crypto exchange websites are the same as banks,except that they are more vulnerable.

figmentofmyass

legendary

Activity: 1652

Merit: 1483

all of the articles repeat the same report from binance---that the hackers used "several techniques over a long period of time" such as "phishing, viruses and other attacks". combined with CZ's comments that the attack was coordinated across "multiple seemingly independent accounts" at once, it sounds like the attackers compromised accounts on the client side and quietly waited to execute an attack across many accounts at once.

thank goodness for the safu fund.....

fisheater

hero member

Activity: 770

Merit: 605

Wondering why people put so many btc in their accounts, exchange is good for trading, but not for storing values.

hatshepsut93

legendary

Activity: 2954

Merit: 2145

The article doesn't go into detail, does anyone know how exactly the credentials were stolen - were they taken from the servers or from clients? Either way, they should have added more security measures for scenarios like this, maybe some manual reviewing of withdrawals when there's a sudden spike of activity.

Quote from: serjent05 on May 07, 2019, 11:43:50 PM

The question is how would that large amount goes out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for upgraded one. One of the comment on one of the article regarding that hack stated:

captured from: https://techcrunch.com/2019/05/07/binance-breach/

which make sense.

7000/25 = 280

Hackers only needed to pwn 280 accounts in best case, so if it indeed happened, a few thousand of really wealth accounts can be enough to steal 7000 BTC.

Topic: [2019-05-08] Binance Confirms 7000BTC ($40m) Security Breach - page 2. (Read 588 times)