The recent unprecedented Binance hack that led to over 7,000 bitcoins being stolen sent shockwaves across the cryptosphere and besmirched the crypto exchange’s almost impeccable security record. And now CEO Changpeng Zhao, also known as CZ has announced a $1.2 million giveaway in Binance Coin (BNB) as a “thank you” gift to the company’s customers for being supportive during these trying times.
The platform which is considered to be the biggest of its kind in the world in terms of trade volume was forced to halt deposits and withdrawals moments after the theft, a predicament that left many of its users in limbo for several days before resuming operations on May 15.
— Binance (@binance) May 15, 2019
How the Hack Occurred
Cybercriminals were able to compromise user accounts through multi-pronged attacks ranging from malware to complex phishing schemes. They were able to obtain sensitive information related to user accounts such as API keys and 2FA codes.
According to a statement released by Binance, the hackers were patient enough to wait until peak trading hours before executing the transfers to make the transactions less apparent.
They are believed to have obtained a list of verifiable data strings matching the breached accounts and this allowed them to bypass the exchange’s main security triggers.
The perpetrators were also able to avoid IP blacklisting by exploiting previously overlooked site-wide bugs. In light of this, the company announced security upgrades targeting 2FA and KYC validation processes as well as the platform’s user behavioral analysis system.
The stolen funds were sent to 44 virtual wallets. A few days later, blockchain analysts noted a series of cryptocurrency transfers to seven other crypto addresses.
All clients affected by the hack are set to be compensated using funds from the agency’s Secure Asset Fund for Users (SAFU) which was set up in 2014. Approximately ten percent of all trading fees acquired by the company are deposited in the SAFU cold wallet which is used to compensate clients in the wake of such unfortunate events.
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the #SAFU fund, there is enough. We are hurt, but not broke.
We are working hard to resolve the issue, so that everyone can deposit and withdrawal again. Will take some time. https://t.co/0j4J0fk99W
— CZ Binance (@cz_binance) May 8, 2019
A Past Hacking Episode
Binance has in the past suffered hacker attacks and one of the most notable incidences occurred in March last year. Hackers used phishing techniques to obtain API keys to user accounts and simultaneously executed inflated buy and sell orders.
They specifically targeted the Viacoin digital currency to cause an artificial price increase by up to 10,000 times and then tried to purchase BTC coins at this rate using their own accounts through a process known as wash trading. The momentary price strike triggered the platform’s security system which halted the trades rendering the hack unsuccessful.
Outwitting the Fraudsters
Following the hack, Binance CEO CZ suggested a few ways to get back the funds and one of those was reversing the blockchain to undo the illegal transactions.
Although viable in certain circumstances, the idea was eventually canceled because it would compromise the stability of the BTC network. CZ revealed on Twitter that he had been in talks about this with industry stakeholders including Bitmain’s co-founder Jihan Wu before scrapping the idea.
Reversing the transactions would require undertaking a 51 percent attack on the bitcoin blockchain. This would mean incentivizing miners to join in the attack, but in the end, the risks would outweigh the benefits.
It could lead to an unwarranted fork, and inadvertently split transactions and the community. The number of blocks that had lapsed before the suggestion also rendered the idea highly impractical.
It’s easier to reverse transactions if only two or three have lapsed but in this case, tens of blocks had already been processed by the time the notion was conceived. In such a scenario, mind-boggling amounts of hashing power would be required to reverse the blockchain.
Have the Hackers Won?
The Binance hackers have been moving and intermixing the funds as observed on the blockchain using numerous wallets and if this continues for a sustained period of time there is a likelihood that the digital coins may never be recovered even if exchanges decide to blacklist all the addresses that handle the funds.
The cybercriminals in this instance were uncanny in their execution and avoided exchange wallets as was the case in the recent Bithumb hacking incident. Stolen digital assets that had been transferred to addresses controlled by other cryptocurrency platforms were frozen.
Binance CEO, Changpeng Zhao, has publicly stated that there is already some sort of an alliance between exchanges to help stop such funds from re-entering exchange platforms. He expressed hope that such a union will make the ecosystem more secure in the long run.
As things stand, the funds are likely to become untraceable after hundreds of transfers and shuffling between wallets with “clean” BTC. As observed in past heists, sophisticated hackers usually employ complex tumbler techniques to throw off analytics systems.
They then wait for extended periods of time before withdrawing funds allowing interest in the subject to wane. Naturally, blockchain analysts lose interest after some time making such maneuvers less risky.
Other means used by hackers to launder illicit digital currency proceeds include buying gaming currencies like V-bucks using stolen funds and then reselling the same to players at discounted prices. According to a report by The Independent, the dark web is rife with such schemes where hackers buy and sell in bulk.
V-bucks are usually used by Fortnite players to purchase gaming weapons and advanced kits that give them to have an edge over other gamers.
(Featured Image Credit: Pixabay)
The post Binance CZ Announces BNB Giveaway After Bitcoin Heist, Money Laundering Nightmares Persist appeared first on CoinCentral.