Cryptocurrency Exchange Confirms 7,000 Bitcoins Stolen
Hackers stole 7,000 bitcoins, valued at about $41 million, from Binance, one of the world’s largest cryptocurrency exchanges, the company confirmed Wednesday. The incident is the latest in a string of thefts from cryptocurrency exchanges around the world.
A security breach was discovered on May 7 in which malicious actors were able to access user API keys, two-factor authentication codes, and potentially other information, Binance CEO Changpeng Zhao says in a statement. The company has several offices is Asia.
Zhao’s post on the Binance website says that all deposits and withdrawals from the exchange would remain suspended while the company conducts a thorough security review, which he estimated would take a week.
“The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” Zhao says in the statement. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
The statement adds: “Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
Zhao also warned users of the continuing threat from the hackers.
“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime,” the statement notes. “We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”
Cryptocurrency Exchanges Targeted
A report by CipherTrace, a bitcoin forensics company, says that criminals stole more than $356 million from exchanges and infrastructure during the first quarter of 2019.
Meanwhile, the UN recently published the findings of a private report that concluded North Korean hackers looted $571 million from five cryptocurrency exchanges in Asia from January 2017 to September 2018.
And customers of Canada’s major cryptocurrency exchange, QuadrigaCX, found that $195 million worth of bitcoin was inaccessible after the CEO mysteriously perished in India.
The Bank of Mexico reportedly has proposed banning financial institutions from transacting with crypto exchanges, citing money laundering and terror financing risks.
Some security experts contend cryptocurrency exchanges are underestimating digital risks.
“Today, all cryptocurrency-related businesses should be well-prepared to defend against constant and sophisticated cyber attacks,” says Ilia Kolochenko, founder and CEO of web security company ImmuniWeb. “Most have to compete in a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.”
Kolochekno says standards, similar to PCI for credit cards, could help safeguard cryptocurrency markets. “Even if they are not a silver bullet, they greatly reduce both the number and average volume of theft,” he says.
Rahil Karedia, a threat intelligence research specialist at Network Intelligence, says hackers are shifting from cryptomining to stealing hot wallet information accessible on vulnerable web application servers.
He says that during April 2019, he observed targeted attacks against the Electrum bitcoin wallet platform by Chinese-based threat actors, which he says was an early indicator that they could target bitcoin exchanges in the second quarter.
Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 server
Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 serverSome of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no...
New Microsoft Excel Attack SurfacesResearchers have identified a security hole in Microsoft Office’s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems. A feature in Microsoft Office’s Excel spreadsheet program called Power...
Malicious URL attacks using HTTPS surge across the enterpriseCyberattacks launched against the enterprise which makes use of the HTTPS protocol are increasing alongside spoofing and cloud-based threats, new research suggests. According to FireEye's Q1 2019 Email...
Stay Up to Date With The Latest News & Updates
Join Our Newsletter
Get weekly tech updates and immediate alerts when there is a zero-day or security issue!