
Topic: [2019-05-08] Binance Confirms 7000BTC ($40m) Security Breach - page 2. (Read 672 times)

legendary
Activity: 3010
Merit: 1460
@Slow death. The solution is for the exchange to be smarter than the thieves. The thieves will never stop trying as long as there is something valuable in the vault.

Wondering why people put so many btc in their accounts, exchange is good for trading, but not for storing values.

Those people are called whales. They trade cryptocoins by the 100s of thousands of dollars or maybe more in each trade.

Also, I do not know why a rollback was in the discussion for Mr. Changpeng hehehe.
legendary
Activity: 3164
Merit: 1127
Binance is collecting millions in fees. Can it be given an excuse to be this incompetent?

I think you're looking at this tragic event in a very wrong way. They are not incompetent, they are not to blame for having thieves in this crypto world. The biggest problem is the thieves, no one can say that it has an impenetrable security system... there is always some damn thief who will find a way to steal in the system that is considered the safest in the world. We must fight to reduce the actions of these criminals and there must be very harsh penalties against these criminals.
legendary
Activity: 2912
Merit: 6403
~

to be fair, jeremy rubin floated the idea (as often happens after an event like this, like when mark friedenbach did the same after the bitfinex hack). not CZ. CZ just responded to jeremy's twitter post. it wasn't like CZ was intent on rolling back the network when the hack happened. a bitcoin dev just floated the idea and he fleshed out the idea in the hours following the hack. he probably should have done so in private rather than his live periscope.

obviously the idea was not well conceived or received so it was scrapped fairly quickly.

He might not have been the one with the idea, but for him to even start discussing this is enough:

Quote
After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach
lols

So it went like this?
- CZ, we can make the funds SAFU
......
- JW, no funds SAFU u idiot, we f*** up with BCH I'm not destroying BTC also, SAFU your *****! Grin Grin Grin



legendary
Activity: 1652
Merit: 1483
I imagine CZ:
- Rollback, the funds must be SAFU!
- We can't rollback, that is not our currency!
- Get me the devs, the funds must be SAFU!
- Bitcoin devs can't do that either!
- Finds satoshi and rollback or I delist, funds must be SAFU!!!

to be fair, jeremy rubin floated the idea (as often happens after an event like this, like when mark friedenbach did the same after the bitfinex hack). not CZ. CZ just responded to jeremy's twitter post. it wasn't like CZ was intent on rolling back the network when the hack happened. a bitcoin dev just floated the idea and he fleshed out the idea in the hours following the hack. he probably should have done so in private rather than his live periscope.

obviously the idea was not well conceived or received so it was scrapped fairly quickly.
legendary
Activity: 2912
Merit: 6403
It’s pertinent to note that Binance CEO has confirmed they’re not proceeding with a Rollback to recover the hacked coins.
There is no such thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....

I imagine CZ:
- Rollback, the funds must be SAFU!
- We can't rollback, that is not our currency!
- Get me the devs, the funds must be SAFU!
- Bitcoin devs can't do that either!
- Finds satoshi and rollback or I delist, funds must be SAFU!!!

I told you that when he said he is going to delist bitcoinsv we're opening a pandora's box?
Most of you said that yeah, it's a shit coin, must be delisted, let's hear your opinion when exchanges are going to force rollbacks ;P

Now is a good time for him to tell us to use his DEX.

DEX is just another unicorn that won't work and when it finally comes up you realize you've ended with a mule.
legendary
Activity: 1918
Merit: 1728
all of the articles repeat the same report from binance---that the hackers used "several techniques over a long period of time" such as "phishing, viruses and other attacks". combined with CZ's comments that the attack was coordinated across "multiple seemingly independent accounts" at once, it sounds like the attackers compromised accounts on the client side and quietly waited to execute an attack across many accounts at once.

thank goodness for the safu fund.....

And what if these well-orchestrated actions are actually coming from within the team or from Binance as a whole? Whom can we trust in the internet-space after all! Or it may be a marketing strategy, I have seen more aggressive marketing tactics than this. I won't be surprised if CZ comes back on Twitter tomorrow and announces this all was just a part of promotion of Binance's SAFU fund service!

Now is a good time for him to tell us to use his DEX.
DEX? You mean the type of exchange where bots run the game? The moment you put a sell order, a bot puts one with a fraction less price. All you can do is sell at Buy Price and cry because creating your own order which really gets filled is a dream on DEX!
legendary
Activity: 1232
Merit: 1091
CZ admitted in one of his Tweets that Bitcoin's ledger is the most immutable ledger on the planet. He understands it now. Smiley

If he really believed that, he wouldn't even think about bringing it up. Could it be ignorance? It could be, but you would expect him to know how Bitcoin works considering that it is what his exchange depends on the most. He also needs BTC to dump his BNB stash on people and accumulate as much BTC as possible before his ponzi coin and exchange go bust.

Now is a good time for him to tell us to use his DEX.

It's not a DEX. It's a centralized shithole to pump his BNB ponzi coin.
hero member
Activity: 2184
Merit: 531
This is an interesting line "The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said."...are they saying users will not be compensated because the hack mimicked a normal trade/transaction?

But how did they withdraw 40 million dollars? Somebody has to be sitting there and checking this. I can't believe they are allowing automated withdrawals of 1 million dollars.

They used multiple accounts so even if there were 40 fake transactions it's still 1 million dollars per transaction. It doesn't happen very often that somebody withdraws BTC worth a million dollars all at once and 40 million in 1 day should be a big red light for the staff even if it's divided between many accounts.
full member
Activity: 670
Merit: 120
So yet another centralized exchange goes rogue, I'm not buying their explanations. I warned about trusting this exchange only a month ago in a different thread:

https://bitcointalksearch.org/topic/m.50029495

...sure enough, it's happened again.  Time & time again this happens with centralized exchanges & time & time again people keep using them - STOP IT!

As I said in that thread, trusted centralized exchanges don't exist & never will, because they are centralized.

If you must use an exchange, use a decentralized one or localbitcoins.
member
Activity: 893
Merit: 43
This is an interesting line "The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said."...are they saying users will not be compensated because the hack mimicked a normal trade/transaction?
legendary
Activity: 1526
Merit: 1179
There is no such thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....
I don't think he intended to inflict harm on Bitcoin. It was a very impulsive thought that popped up in his head he now seems to distance himself from. He always tries to come up with ways to solve problems.

Sometimes these ways are viable and sometimes they are not. CZ figured out that even he, as the most influential exchange operator, couldn't get this done. I am glad that this happened because it's an important lesson.

CZ admitted in one of his Tweets that Bitcoin's ledger is the most immutable ledger on the planet. He understands it now. Smiley
sr. member
Activity: 924
Merit: 260
The question is how would that large amount go out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for an upgraded one. One of the comments on one of the articles regarding that hack stated:



captured from: https://techcrunch.com/2019/05/07/binance-breach/

which makes sense.

This article explains how Binance's automation was exploited. The hacker may have not known any Binance private keys. The prize for hackers is so big that the best hackers have been targeting Binance for months. They were patient, a real pro or pros.
newbie
Activity: 25
Merit: 1
Now is a good time for him to tell us to use his DEX.
legendary
Activity: 2170
Merit: 1427
I feel sad for users who had kept their money on Binance, and possibly have lost their coins forever. In my opinion this is a lesson for all: do not store your coins on an exchange, as they’re bound to be hacked sooner or later.
Why feel sad? It's people's own responsibility to not store any number of coins in an exchange, regardless of the purpose. People haven't lost anything at the end of the day, there is the much memed but very important Safu fund that contains enough funds to cover this 7000BTC theft.

It’s pertinent to note that Binance CEO has confirmed they’re not proceeding with a Rollback to recover the hacked coins.
There is no such thing as 'not proceeding with a roll back'. This CZ asshole figured out that he couldn't get it done and therefore put his re-org plan to bed.

I had a lot of respect for him, but lost it all and will stop recommending people to use Binance as exchange. Toxic son of a b....
legendary
Activity: 2968
Merit: 3684
Biggest and most trustworthy? Reputation is such a funny thing, isn't it? Mt Gox was by far the biggest and most trustworthy, so much so even devs recommended using them. The biggest names in Bitcoin owners also were using them. And both probably also said they had the best security at the time.

Did that prevent them from getting hacked?

If people aren't going to learn to not keep Bitcoin at these exchanges, then hackers aren't going to suffer from a lack of targets.
hero member
Activity: 2646
Merit: 686
The biggest and most trustworthy exchanges in the cryptospace should not be hacked. This will not give the users any confidence to trade or to deal more in the cryptospace.

Binance is collecting millions in fees. Can it be given an excuse to be this incompetent?

Changpeng Zhao, CEO of popular cryptocurrency exchange, Binance has confirmed that the platform witnessed a security breach for the first time with the hackers being able to withdraw 7000 BTC ($40 million) in one single transaction. The confirmation came after several leads within the crypto community rumored that such funds had left Binance’s hot wallets before the exchange announced a sudden “unscheduled server maintenance.”

As per the update released by the exchange, the incident took place on May 7, 2019, at 17:15:24 (UTC). The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said.

Moving further, the exchange said the hackers were patient enough to “wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” thus allowing them to bypass existing security checks.


Read in full https://coinfomania.com/binance-hack-7000btc-security-breach/

I feel sad for users who had kept their money on Binance, and possibly have lost their coins forever. In my opinion this is a lesson for all: do not store your coins on an exchange, as they’re bound to be hacked sooner or later. It’s pertinent to note that Binance CEO has confirmed they’re not proceeding with a Rollback to recover the hacked coins.
hero member
Activity: 3150
Merit: 937
Another reason why big centralized cryptocurrency exchange platforms are obsolete and we need to move to peer-to-peer crypto trading. Every time the crypto prices start increasing something bad happens. Grin
Can't people understand that crypto exchange websites are the same as banks, except that they are more vulnerable?
legendary
Activity: 1652
Merit: 1483
all of the articles repeat the same report from binance---that the hackers used "several techniques over a long period of time" such as "phishing, viruses and other attacks". combined with CZ's comments that the attack was coordinated across "multiple seemingly independent accounts" at once, it sounds like the attackers compromised accounts on the client side and quietly waited to execute an attack across many accounts at once.

thank goodness for the safu fund.....
hero member
Activity: 770
Merit: 605
Wondering why people put so many btc in their accounts, exchange is good for trading, but not for storing values.
legendary
Activity: 3024
Merit: 2148
The article doesn't go into detail, does anyone know how exactly the credentials were stolen - were they taken from the servers or from clients? Either way, they should have added more security measures for scenarios like this, maybe some manual reviewing of withdrawals when there's a sudden spike of activity.

The question is how would that large amount go out of the Binance system? I believe there is a cap of 25 BTC withdrawal even for an upgraded one. One of the comments on one of the articles regarding that hack stated:

captured from: https://techcrunch.com/2019/05/07/binance-breach/

which makes sense.

7000/25 = 280

Hackers only needed to pwn 280 accounts in the best case, so if it indeed happened, a few thousand really wealthy accounts can be enough to steal 7000 BTC.
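
Several posts above suggest manual review when withdrawals spike and work out that 280 accounts at a 25 BTC cap add up to 7000 BTC. The sketch below is an added example, not part of the thread and not Binance's actual controls: it shows a platform-wide sliding-window check placing a burst on hold even though every request passes the per-account limit. The window, thresholds, class name and sample events are assumptions constructed for illustration.

```python
from collections import deque

PER_ACCOUNT_CAP_BTC = 25.0    # cap quoted in the thread; treated as an assumption
WINDOW_SECONDS = 600          # hypothetical look-back window
AGGREGATE_LIMIT_BTC = 500.0   # hypothetical platform-wide volume limit per window
NEAR_CAP_RATIO = 0.9          # "near the cap" means at least 90% of it
NEAR_CAP_ACCOUNTS = 10        # hypothetical: this many near-cap accounts is suspicious


class WithdrawalMonitor:
    """Flags withdrawal bursts that per-account limits cannot see."""

    def __init__(self):
        self.window = deque()  # (timestamp, account, amount) still inside the window
        self.total = 0.0       # requested volume inside the window

    def check(self, ts, account, amount):
        """Return 'reject', 'hold' (manual review) or 'allow' for one request."""
        if amount > PER_ACCOUNT_CAP_BTC:
            return "reject"
        # Drop events that have fallen out of the sliding window.
        while self.window and self.window[0][0] <= ts - WINDOW_SECONDS:
            _, _, old = self.window.popleft()
            self.total -= old
        self.window.append((ts, account, amount))
        self.total += amount
        # Distinct accounts withdrawing close to their individual cap.
        near_cap = {a for _, a, amt in self.window
                    if amt >= NEAR_CAP_RATIO * PER_ACCOUNT_CAP_BTC}
        if self.total > AGGREGATE_LIMIT_BTC or len(near_cap) >= NEAR_CAP_ACCOUNTS:
            return "hold"
        return "allow"


def replay(events):
    """Run events through a fresh monitor and return the list of decisions."""
    monitor = WithdrawalMonitor()
    return [monitor.check(ts, acct, amt) for ts, acct, amt in events]


# Constructed sample data: ordinary traffic, then 280 accounts withdrawing
# 25 BTC each, one second apart (280 * 25 = 7000 BTC, the thread's arithmetic).
NORMAL = [(t * 120, f"user{t}", 0.5) for t in range(5)]
BURST = [(1000 + i, f"acct{i}", 25.0) for i in range(280)]

if __name__ == "__main__":
    decisions = replay(NORMAL + BURST)
    print(decisions.count("allow"), "allowed,", decisions.count("hold"), "held")
```

With these constructed values the near-cap account count trips before the volume limit does, so only the first nine burst withdrawals go out before everything else waits for review.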