Last month, popular crypto exchange Binance announced it had uncovered a large-scale security breach that saw attackers make off with over 7000 bitcoins, worth roughly US$41 million, from one of its hot wallets.
Binance is not releasing specific details about how the hack was performed at this time, but from what little information has been made public, it is thought that a number of account credentials were collected through phishing attacks and targeted malware.
It is believed that these accounts were then used to initiate a withdrawal of 7074 BTC from the exchange’s hot wallet into multiple wallets controlled by the attacker.
According to the post-incident report, Binance’s internal suspicious activity control systems alerted the site’s administrators immediately after the withdrawal of over 7000 BTC.
In response, Binance immediately froze all deposits and withdrawals to conduct a security review to assess the cause and effects of the security breach.
The breach was initially disclosed by Binance CEO Changpeng Zhao (CZ) in a blog post titled “Binance Security Breach Update” on their website, just a few hours after CZ announced on Twitter that Binance was undertaking “some unscheduled server maintenance”.
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ 🔶 BNB (@cz_binance) May 7, 2019
The post gave Binance’s customers a timely and transparent overview of the situation, pointing to the exact transaction in which the theft took place, as well as the suspected attack vector.
The update also reassured users that due to the exchange’s proper use of cold storage, the attackers only managed to steal approximately 2 percent of its total BTC holdings, and as such, the exchange was still solvent.
According to the update, Binance has stated that it will use its SAFU fund (Secure Assets Fund for Users – an emergency insurance fund intended to be used to mitigate significant operational losses) to cover the stolen cryptocurrency, and has assured users that their deposits or balances will remain unaffected by the hack.
So what can be learned about cryptocurrency security from this latest high-profile security breach?
1. Even the most popular and well-regarded cryptocurrency exchanges are still vulnerable to security breaches.
Binance may be one of the most popular cryptocurrency exchanges, but that doesn’t make them immune from being a victim of a security breach.
2. Exchanges that have contingency plans in place fare a lot better than those that don’t
Binance was able to reassure their users that due to their insurance fund, all users’ cryptocurrency was safe, the exchange was still solvent, and operation of the exchange would remain unaffected (apart from deposits and withdrawals being temporarily suspended).
A similarly sized attack on an exchange that did not have such a contingency plan would likely be a death blow.
3. Exchanges are a risky place to store your funds
Although in this case there was little collateral damage to end users of the exchange, if the amount stolen had been an order of magnitude greater, or if Binance had not employed the operational controls it did, things could have been a lot worse.
If you are technologically inclined, taking the time to implement a secure self-custody solution using hardware wallets and multi-signature technology can prevent you from becoming a victim of a hack on an exchange.
Don’t trust yourself to securely store your cryptocurrency? Then consider using a dedicated custody provider that offers insurance for their users, such as Coinbase Custody or BitGo.
4. Secure your login credentials, 2FA devices, and familiarise yourself with phishing attacks
The Binance hack is believed to have been performed by collecting the login credentials, 2FA credentials, and/or API keys of many users, likely through phishing campaigns or targeted malware.
Familiarising yourself with common types of phishing attacks, adopting stringent operational practices surrounding cryptocurrency keys and login details, and disabling API access unless you are actively using it are all ways in which you can prevent yourself from becoming a victim of a similar hack in the future.
Binance has been applauded for its commitment to transparency due to the timely and informative updates, quick response, the live interview conducted by CZ in the wake of the breach, and the thorough post-incident report posted on the Binance website.
As a testament to Binance’s commitment to service reliability, the exchange managed to stay online and remain open for trading as the situation unfolded, only having to disable deposits and withdrawals and reset all current API keys as security measures.
Crypto users took notice, and although Binance’s native token BNB dropped 16 percent in the days following the hack, consumer confidence is reflected in the fact that it was trading up over 60 percent just two weeks later.
The information in this article is general in nature. Any advice it contains is general advice only and has been prepared without taking into account the objectives, financial situation or needs of any particular person.
The article content is not intended to be a substitute for professional advice and readers are urged to seek their own appropriate advice before making decisions.
Any reference to a particular investment is not a recommendation to buy, sell or hold the investment.
By Michael Buchanan, DigitalX Blockchain Developer