Binance lost $40.7 million to hackers, which exchange is next!!! - page 2.

leps

hero member

Activity: 918

Merit: 1001

Quote from: xtraelv on May 10, 2019, 07:41:18 AM

Quote from: leps on May 08, 2019, 11:12:18 PM

I understand all this but I am still wondering how hackers benefit in making donations to streamers or to anything else for that matter. Unless the person receiving that donation is also inside the scam.

The Drug Courier for example, they know that they are carring drugs to deliver to the destination and get paid or are coerced to do it. How do streamers fit in this equation?

By making thousands of payments to random people the hacker can obfuscate transactions made to those involved in the hack.

It would be hard to judge whether a payment was made to a random person or someone involved in the hack.

Some hackers have done this in the past. Clustering of payments usually still make it identifiable.

The theory is that if you give 99% of the stolen funds to strangers it becomes hard for the police to identify the hacker who manages to launder 1% (or more).

Since it is then impossible to determine whether it was a random payment or a payment to the person linked to the crime.

In practice it still can result in being charged with "receiving stolen goods" if someone uses or moves the funds.

I get it now. Crazy to think that hackers go through all this trouble to get 1% to 10% of the loot. Wouldn't it make more sense to sell it on the darkweb? I know that the darkweb markets were moving the goods through monero transactions but never understood how could they buy monero with btc without being traced from those btc transactions since btc is not completely untraceable.

DrDoctor1234

jr. member

Activity: 34

Merit: 21

Quote from: xtraelv on May 08, 2019, 09:31:47 AM

Quote from: DrDoctor1234 on May 08, 2019, 09:19:21 AM

Poor implementation of a decentralized exchange is different to whether the idea of a decentralized is better or worse than a centralized exchange - I'd say its better.

Not quite the same, but something like DAI/MKR where everything is done through smart contracts to create a CDP, is better than having a central entity do the equivalent work imo.

The alternative is that we keep trusting exchanges like Binance, wait 6-12 months and post the same thing again about how much money was lost this time round.

While I agree with you in part.

All hacks are because a security flaw wasn't considered or patched. Whether centralized or decentralized.

With a DEX - who will do the coding. Coding by consensus ? There are a limited number of people that understand or comprehend the code. Even the best make mistakes.

Coin networks cannot even get the security right yet. A massive number of coins have been exploited this year and a lot of them haven't even announced it publicly.

It will be a long time before a DEX will provide real benefits over a centralized exchange.(Don't get me wrong - I am pro DEX - but real DEX don't exist yet.)

I'd still prefer coding (or smart contracts) that are open source for anyone to see, rather than a centralized exchange where we don't know wtf is going on.

Does anyone know what the security is like at Binance? Not really. It is intentionally 'secret' for 'security' reasons (didn't help much).

With something like a real DEX, or smart contract set ups like MKR/DAI, anyone can review the coding/contract, and see if they are comfortable with the security from there.

Not saying that DEX is currently perfect, but hopefully over the years it will be much better than what we have now. Like you're saying I hope that a real complete DEX will exist soon.

xtraelv

legendary

Activity: 1274

Merit: 1924

฿ear ride on the rainbow slide

Quote from: leps on May 08, 2019, 11:12:18 PM

I understand all this but I am still wondering how hackers benefit in making donations to streamers or to anything else for that matter. Unless the person receiving that donation is also inside the scam.

The Drug Courier for example, they know that they are carring drugs to deliver to the destination and get paid or are coerced to do it. How do streamers fit in this equation?

By making thousands of payments to random people the hacker can obfuscate transactions made to those involved in the hack.

It would be hard to judge whether a payment was made to a random person or someone involved in the hack.

Some hackers have done this in the past. Clustering of payments usually still make it identifiable.

The theory is that if you give 99% of the stolen funds to strangers it becomes hard for the police to identify the hacker who manages to launder 1% (or more).

Since it is then impossible to determine whether it was a random payment or a payment to the person linked to the crime.

In practice it still can result in being charged with "receiving stolen goods" if someone uses or moves the funds.

r1s2g3

sr. member

Activity: 742

Merit: 395

I am alive but in hibernation.

Binance API keys have problem and this is the first time they accepted it. There API keys were hacked earlier too.

https://hackernoon.com/how-your-trading-api-keys-can-be-used-to-drain-your-funds-f9148d1e6d33

https://coingape.com/binance-hacked-or-syscoin-blockchain-compromised/

TheHas

full member

Activity: 616

Merit: 167

Quote from: Ucy on May 08, 2019, 05:29:46 PM

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange. They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

That is a major concern. For the sake of transparency Binance should detail exactly how this happened, so we can see if this is an issue that could exist for every exchange, or if this is a Binance specific security issue.

We'll probably get a 'nothing to see here, we fixed it' response. But we'll find out in a week.

leps

hero member

Activity: 918

Merit: 1001

Quote from: xtraelv on May 08, 2019, 08:53:08 PM

Quote from: leps on May 08, 2019, 11:36:28 AM

Quote from: TimeBits on May 08, 2019, 04:28:59 AM

Quote from: leo99 on May 08, 2019, 04:23:47 AM

why did hackers need BTC, how do they cash it?

They cash it by something called money laundering. Let`s say I hack a exchange and get 7000 bitcoin, I could used a mixer and donate to myself on my stream or a friends stream, I could send it to 1000`s of streamers. Are you going to interrogate each one of them for receiving a donation? Now I the streamer cash out my btc into fiat or get someone else to do it on local bitcoins. They needed the btc because they see it is easier to steal than earn, the banks/governments do the same thing with interest and tax and laws, for example here in Canada only they are allowed to sell the booze and weed GANGSTER THUGS! Wink

this is a streamer https://www.ccn.com/twitch-streamer-receives-a-donation-of-20-bitcoins-while-playing-runescape someone who plays games or makes videos on a live stream.
https://www.youtube.com/watch?v=qDzF7oAeaPA 1.7 btc donation
https://www.youtube.com/watch?v=SDUKB4NWMdM 4btc donation then like 4 and 4 and 4 $73K
https://www.youtube.com/watch?v=FmHAlUnfXRY my fav bitcoin alert

also those beggers you see on all the btc gambling sites and on twitter, they could be used as mixers Wink

How do they cash it out through the streamers though? You are implying that the streamers are aware that they are going to receive these donations and then cash it out for the hackers, making them partners on that crime, are you not?

Some countries have legislation that considers crypto "personal property". Receiving stolen crypto is receiving stolen goods. Good title cannot pass.

I'm sure a judge has heard "he gave me the car for free" before when dealing with someone in possession of a stolen car and it may well be true. But I doubt it stopped then from receiving a penalty.

During the NEM/XEM coincheck hack the hacker deliberately "donated" crypto to various parties and created may small outputs to try to obfuscate forensic analysis but cluster analysis still tends to follow the trail.

Laundering and cashing out still is a major hurdle for a hacker and carries much risk. A lot of the XEM/NEM was sold at a discount on the darknet. I am sure that over the next few years there will be people that regret buying it and participating in the money laundering.

Thieves have all the time to plan and execute a crime. The thieves know all the details about what they have done. But once the crime is committed - enforcement and investigators have all the time to figure it out.

I understand all this but I am still wondering how hackers benefit in making donations to streamers or to anything else for that matter. Unless the person receiving that donation is also inside the scam.

The Drug Courier for example, they know that they are carring drugs to deliver to the destination and get paid or are coerced to do it. How do streamers fit in this equation?

xtraelv

legendary

Activity: 1274

Merit: 1924

฿ear ride on the rainbow slide

Quote from: leps on May 08, 2019, 11:36:28 AM

Quote from: TimeBits on May 08, 2019, 04:28:59 AM

Quote from: leo99 on May 08, 2019, 04:23:47 AM

why did hackers need BTC, how do they cash it?

They cash it by something called money laundering. Let`s say I hack a exchange and get 7000 bitcoin, I could used a mixer and donate to myself on my stream or a friends stream, I could send it to 1000`s of streamers. Are you going to interrogate each one of them for receiving a donation? Now I the streamer cash out my btc into fiat or get someone else to do it on local bitcoins. They needed the btc because they see it is easier to steal than earn, the banks/governments do the same thing with interest and tax and laws, for example here in Canada only they are allowed to sell the booze and weed GANGSTER THUGS! Wink

this is a streamer https://www.ccn.com/twitch-streamer-receives-a-donation-of-20-bitcoins-while-playing-runescape someone who plays games or makes videos on a live stream.
https://www.youtube.com/watch?v=qDzF7oAeaPA 1.7 btc donation
https://www.youtube.com/watch?v=SDUKB4NWMdM 4btc donation then like 4 and 4 and 4 $73K
https://www.youtube.com/watch?v=FmHAlUnfXRY my fav bitcoin alert

also those beggers you see on all the btc gambling sites and on twitter, they could be used as mixers Wink

How do they cash it out through the streamers though? You are implying that the streamers are aware that they are going to receive these donations and then cash it out for the hackers, making them partners on that crime, are you not?

Some countries have legislation that considers crypto "personal property". Receiving stolen crypto is receiving stolen goods. Good title cannot pass.

I'm sure a judge has heard "he gave me the car for free" before when dealing with someone in possession of a stolen car and it may well be true. But I doubt it stopped then from receiving a penalty.

During the NEM/XEM coincheck hack the hacker deliberately "donated" crypto to various parties and created may small outputs to try to obfuscate forensic analysis but cluster analysis still tends to follow the trail.

Laundering and cashing out still is a major hurdle for a hacker and carries much risk. A lot of the XEM/NEM was sold at a discount on the darknet. I am sure that over the next few years there will be people that regret buying it and participating in the money laundering.

Thieves have all the time to plan and execute a crime. The thieves know all the details about what they have done. But once the crime is committed - enforcement and investigators have all the time to figure it out.

Ucy

sr. member

Activity: 2576

Merit: 401

This is heartbreaking.
I have a feeling that whoever is doing this is capable of hacking pretty much any cryptocurrency exchange. They only hit any exchange when they feel like.
It's unfortunate enough money isn't put into the research o decentralized great exchanges

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: TimeBits on May 08, 2019, 03:38:08 PM

Nothing will ever compare to the amount of coins taken in mt.gox. btc wise. Which is all that matters. I am sure in the future more Fiat will be taken but less btc in exchanges.

I would hope so. A few years ago -- and even up until recently -- there were still exchanges keeping virtually all customer cryptocurrency in hot wallets. No hot wallet or automated withdrawal system is impenetrable.

Through responsible cold wallet management and possibly hot wallet insurance like Coinbase has, these situations should become more like this Binance hack and less like the Bitfinex hack a few years ago, where 120,000 BTC were stolen.

Fortunately for customers, Binance is a much more viable exchange than other recently hacked exchanges like Cryptopia. It seems like they'll recover from this.

leo99

member

Activity: 211

Merit: 57

Quote from: TimeBits on May 08, 2019, 04:28:59 AM

Quote from: leo99 on May 08, 2019, 04:23:47 AM

why did hackers need BTC, how do they cash it?

They cash it by something called money laundering. Let`s say I hack a exchange and get 7000 bitcoin, I could used a mixer and donate to myself on my stream or a friends stream, I could send it to 1000`s of streamers. Are you going to interrogate each one of them for receiving a donation? Now I the streamer cash out my btc into fiat or get someone else to do it on local bitcoins. They needed the btc because they see it is easier to steal than earn, the banks/governments do the same thing with interest and tax and laws, for example here in Canada only they are allowed to sell the booze and weed GANGSTER THUGS! Wink

this is a streamer https://www.ccn.com/twitch-streamer-receives-a-donation-of-20-bitcoins-while-playing-runescape someone who plays games or makes videos on a live stream.
https://www.youtube.com/watch?v=qDzF7oAeaPA 1.7 btc donation
https://www.youtube.com/watch?v=SDUKB4NWMdM 4btc donation then like 4 and 4 and 4 $73K
https://www.youtube.com/watch?v=FmHAlUnfXRY my fav bitcoin alert

also those beggers you see on all the btc gambling sites and on twitter, they could be used as mixers Wink

but in this case you will receive not 7000 but only 7 btc. why they did not use XMR, DASH, ZEC, etc?
p.s. video funny Grin

TimeBits

member

Activity: 224

Merit: 62

Quote from: figmentofmyass on May 08, 2019, 02:29:19 PM

Quote from: zgrdyg on May 08, 2019, 09:17:39 AM

It felt like a major screw up more than a hack.

40m $ is a huge amount at least they are covering it. I hope no exchange would be next. It all ends in here.

it's not that huge. it's nothing compared to some of the hacks we've seen in the past 2 years like coincheck etc. it was apparently ~2% of their BTC reserves (hot wallet only) which is what one would expect in the best case scenario.

apparently with their trading fees they can recover from this in <50 days. it's not that bad......

Nothing will ever compare to the amount of coins taken in mt.gox. btc wise. Which is all that matters. I am sure in the future more Fiat will be taken but less btc in exchanges. Unless some big boy miners team up over in China, that might be the biggest threat to btc, even worse than mt.gox.

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: zgrdyg on May 08, 2019, 09:17:39 AM

It felt like a major screw up more than a hack.

40m $ is a huge amount at least they are covering it. I hope no exchange would be next. It all ends in here.

it's not that huge. it's nothing compared to some of the hacks we've seen in the past 2 years like coincheck etc. it was apparently ~2% of their BTC reserves (hot wallet only) which is what one would expect in the best case scenario.

apparently with their trading fees they can recover from this in <50 days. it's not that bad......

Landak

hero member

Activity: 1386

Merit: 503

Quote from: Kasabus on May 08, 2019, 08:17:33 AM

Quote from: Landak on May 08, 2019, 07:16:17 AM

maybe the next exchange that will be hacked is KuCoin or bw.com or others Grin

Bigger than Binance, and let's see the effect, just kidding.
Seriously, I don't want to see a hack again, it's bad for the market in general.

Haha ... I also don't want see any other market to be hacked too. it is true, this news seems, does not really affect overall market movements. bullish trend continues as if nothing happened.
For now, let's monitor the news from binance. hopefully the problem will be finished soon.

FreeEarnsActivist

jr. member

Activity: 124

Merit: 8

Quote from: ene1980 on May 08, 2019, 12:20:12 AM

When it looks like the market is recovering from the bear market, yet another major exchange is hacked and $40.7 million is lost, looks like there is no end for these hacks and not sure which exchange is the next target. These security breaches will impact the market in a huge way as investors will think twice before investing because none of the exchanges are safe, they might refund the users because as per the news only a small percentage of the funds are lost but what i really do not understand is that when these huge amounts of withdrawals are executed how they are passing through the internal audit and many hacks in the past were not transparent, hopefully they will provide the details on how this hack happened.

Zhao was fighting a nobody in Craig and if he could have being more careful with his internal security rather than fighting bull shit artists these hacks wont happen.
Here is the link to the article about the entire news

Edit: CZ talking about roll back and it looks like the loss is much bigger to make him so desperate, they confirmed a loss of $40 million dollars and yet claiming that they are safe Roll Eyes

.

Coinfirm analysis the Binance hacker has recently moved over 1214 #BTC (~$7.16M) to new addresses, but almost 5786 BTC (~$34.14M) still sit on the #Binance hackers original addresses. Take a look at an analysis:
https://twitter.com/Coinfirm_io/status/1126082101080743938

leps

hero member

Activity: 918

Merit: 1001

Quote from: TimeBits on May 08, 2019, 04:28:59 AM

Quote from: leo99 on May 08, 2019, 04:23:47 AM

why did hackers need BTC, how do they cash it?

They cash it by something called money laundering. Let`s say I hack a exchange and get 7000 bitcoin, I could used a mixer and donate to myself on my stream or a friends stream, I could send it to 1000`s of streamers. Are you going to interrogate each one of them for receiving a donation? Now I the streamer cash out my btc into fiat or get someone else to do it on local bitcoins. They needed the btc because they see it is easier to steal than earn, the banks/governments do the same thing with interest and tax and laws, for example here in Canada only they are allowed to sell the booze and weed GANGSTER THUGS! Wink

this is a streamer https://www.ccn.com/twitch-streamer-receives-a-donation-of-20-bitcoins-while-playing-runescape someone who plays games or makes videos on a live stream.
https://www.youtube.com/watch?v=qDzF7oAeaPA 1.7 btc donation
https://www.youtube.com/watch?v=SDUKB4NWMdM 4btc donation then like 4 and 4 and 4 $73K
https://www.youtube.com/watch?v=FmHAlUnfXRY my fav bitcoin alert

also those beggers you see on all the btc gambling sites and on twitter, they could be used as mixers Wink

How do they cash it out through the streamers though? You are implying that the streamers are aware that they are going to receive these donations and then cash it out for the hackers, making them partners on that crime, are you not?

l8orre

legendary

Activity: 1181

Merit: 1018

Quote from: mrdeposit on May 08, 2019, 09:23:50 AM

I want to see a new tweet by Binance Ceo about the new way of security. We all know the types of securing information: Something you have(Fingerprint). Something you know(Password). Something you are(Face scanner). Let the Ceo think twice. Hacking news makes me feel bad.

You should not always follow his advice....

Quote from: TimeBits on May 08, 2019, 09:19:58 AM

Who controls the button? EVERYONE
Well with decentralized voting, the only corrupt people can be the majority.

I know there is more good people on this planet than bad, I have faith in my numbers, not all my numbers but the majority of them.

I wonder how 'Decentralized' that 'DEX' is going to be, and when it will experience its first hack - needless to say, there are other DEXes already operational- buuuuut herd instinct and all that...

xtraelv

legendary

Activity: 1274

Merit: 1924

฿ear ride on the rainbow slide

Quote from: mrdeposit on May 08, 2019, 09:23:50 AM

I want to see a new tweet by Binance Ceo about the new way of security. We all know the types of securing information: Something you have(Fingerprint). Something you know(Password). Something you are(Face scanner). Let the Ceo think twice. Hacking news makes me feel bad.

You should not always follow his advice....

Quote from: TimeBits on May 08, 2019, 09:19:58 AM

Who controls the button? EVERYONE
Well with decentralized voting, the only corrupt people can be the majority.

I know there is more good people on this planet than bad, I have faith in my numbers, not all my numbers but the majority of them.

What if the hacker steals so much funds that they have the majority vote ? (That actually happened with one coin exploit)

Also not everyone like revealing their identity. Dodgy KYC is used to harvest identification documents and photos that are then used in identity theft.

If the users are anonymous then they can create an infinite number of sockpuppets to vote with. Perhaps controlled by a bot.

xtraelv

legendary

Activity: 1274

Merit: 1924

฿ear ride on the rainbow slide

Quote from: DrDoctor1234 on May 08, 2019, 09:19:21 AM

Poor implementation of a decentralized exchange is different to whether the idea of a decentralized is better or worse than a centralized exchange - I'd say its better.

Not quite the same, but something like DAI/MKR where everything is done through smart contracts to create a CDP, is better than having a central entity do the equivalent work imo.

The alternative is that we keep trusting exchanges like Binance, wait 6-12 months and post the same thing again about how much money was lost this time round.

While I agree with you in part.

All hacks are because a security flaw wasn't considered or patched. Whether centralized or decentralized.

With a DEX - who will do the coding. Coding by consensus ? There are a limited number of people that understand or comprehend the code. Even the best make mistakes.

Coin networks cannot even get the security right yet. A massive number of coins have been exploited this year and a lot of them haven't even announced it publicly.

It will be a long time before a DEX will provide real benefits over a centralized exchange.(Don't get me wrong - I am pro DEX - but real DEX don't exist yet.)

Abdo_Massud

newbie

Activity: 20

Merit: 0

Quote from: mrdeposit on May 08, 2019, 09:23:50 AM

I want to see a new tweet by Binance Ceo about the new way of security. We all know the types of securing information: Something you have(Fingerprint). Something you know(Password). Something you are(Face scanner). Let the Ceo think twice. Hacking news makes me feel bad.

Security is there to make you feel safe,not to actually secure anything.

Take insurances for example, when you have one, you just feel safer, but does that mean you are really safe?

Security sells only one thing and that's FEAR.

l8orre

legendary

Activity: 1181

Merit: 1018

I wonder if this is a good moment to mention DEXes, like e.g. Komodo DEX ...

Topic: Binance lost $40.7 million to hackers, which exchange is next!!! - page 2. (Read 1296 times)