Friday, May 24, 2019

A Breakdown on Binance Hot Wallet's 7000 BTC Loss #Binance Original#

Binance, one of the largest cryptocurrency exchanges in the world, announced on May 8th (UTC) that a “large scale security breach” was detected in their cybersecurity system at 17:15:24 May 7th 2019 (UTC).

It is reported that about 7,000 bitcoin, worth roughly $40 million, were withdrawn by the hackers in a single transaction. The hackers employed various methods, including phishing and viruses, to obtain user API keys, two-factor authentication codes and other information, and finally to “execute well-orchestrated actions”.

As a pioneering, professional enterprise dedicated to building a better blockchain ecosystem, we at Beosin (Chengdu Lian’An Technology Co., Ltd.) acted immediately, organizing our technicians to carry out an in-depth analysis. Here is the breakdown.

Attack Scene

- Transaction details

https://i.redd.it/igniw3f6w4031.png

As shown in the screenshot above, the attack occurred at block height 575013.

The picture below shows the addresses to which the hackers withdrew BTC, with the yellow-marked entries being the major ones.

https://i.redd.it/lv4j3509w4031.png

By 14:30 May 8th (GMT+8), a total of 7074 BTC had been stolen from Binance’s hot wallet, which still held 3,612.69114593 BTC afterwards, indicating that the hot wallet’s own private keys remained secure.

Event Study

The hackers carried out their withdrawal operations through the API simultaneously at 01:17:18 May 8th (GMT+8).

Once a user applies for Binance exchange API access, an API key and a secret key are generated for that user. See the illustration below.

https://i.redd.it/q8piepebw4031.png

The API offers users an option to lift the IP restriction as well as an open-withdrawal option. Open withdrawal means withdrawing tokens directly using only the API key and secret key, with no SMS verification code or Google verification code required. See the illustration below.

https://i.redd.it/3fdztu2ew4031.png

The screenshot below shows part of the demo code for API calls provided by Binance.

(Source: https://github.com/binance-exchange/python-binance)

https://i.redd.it/11gwxfkgw4031.png

From our first-step analysis, we believe that a data breach led to this attack. More specifically, the users’ API keys and secret keys were obtained by, and thus exposed to, the hackers.

If a user has lifted the IP restriction and enabled the open-withdrawal function, an attacker who obtains that user’s API key and secret key can carry out the theft directly.
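The two settings above are what decide whether a leaked key pair is merely a data exposure or a loss of funds. The following is an added example (not Binance's code and not taken from the python-binance library): the client side signs a request the way Binance's documented SIGNED endpoints require (HMAC-SHA256 over the URL-encoded parameters, appended as `signature`), and a hypothetical server-side `authorize` function models the checks an exchange can apply per key. The `KEY_STORE` record, its `can_withdraw` and `ip_allowlist` fields, the reason strings and all key values are assumptions constructed for the demo. It goes slightly beyond the text by showing the restricted configuration next to the weak one (IP restriction lifted, open withdrawal enabled) for the same forged-or-leaked request.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed demo credentials; not real Binance keys.
RESTRICTED_KEY = "demo-key-restricted"
RESTRICTED_SECRET = "demo-secret-restricted"
OPEN_KEY = "demo-key-open"
OPEN_SECRET = "demo-secret-open"

DEFAULT_RECV_WINDOW_MS = 5000

# Hypothetical model of what an exchange stores per API key. The first record
# is the corrected setting (IP allowlist on, withdrawals off); the second is
# the weak one the post describes (IP restriction lifted, open withdrawal on).
KEY_STORE = {
    RESTRICTED_KEY: {"secret": RESTRICTED_SECRET, "can_withdraw": False,
                     "ip_allowlist": {"203.0.113.10"}},
    OPEN_KEY: {"secret": OPEN_SECRET, "can_withdraw": True,
               "ip_allowlist": set()},  # empty set = no IP restriction
}


def sign_request(params: dict, secret: str) -> dict:
    """Client side. Binance SIGNED endpoints take the URL-encoded parameter
    string, HMAC-SHA256 it with the secret key and append the hex digest as
    the `signature` parameter. The API key itself travels in the
    X-MBX-APIKEY header and is not part of the signed string."""
    query = urlencode(params)
    sig = hmac.new(secret.encode(), query.encode(), hashlib.sha256).hexdigest()
    return {**params, "signature": sig}


def authorize(api_key: str, params: dict, source_ip: str, endpoint: str,
              now_ms=None):
    """Server side (hypothetical policy check). Returns (allowed, reason).
    A forged or replayed request is rejected first; the per-key restrictions
    are then enforced even when the signature is valid, i.e. even when the
    secret key has leaked."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    record = KEY_STORE.get(api_key)
    if record is None:
        return False, "unknown api key"

    provided = params.get("signature", "")
    unsigned = {k: v for k, v in params.items() if k != "signature"}
    expected = hmac.new(record["secret"].encode(), urlencode(unsigned).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(provided, expected):  # constant-time comparison
        return False, "bad signature"

    # The timestamp must fall inside recvWindow, so a captured request
    # cannot simply be replayed later.
    recv_window = int(unsigned.get("recvWindow", DEFAULT_RECV_WINDOW_MS))
    if abs(now_ms - int(unsigned.get("timestamp", 0))) > recv_window:
        return False, "timestamp outside recvWindow"

    # Per-key restrictions: these limit the damage a leaked key pair can do.
    if record["ip_allowlist"] and source_ip not in record["ip_allowlist"]:
        return False, "source ip not on allowlist"
    if endpoint == "withdraw" and not record["can_withdraw"]:
        return False, "withdrawals not enabled for this key"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample request and clock value.
    req = {"coin": "BTC", "amount": "1.0", "timestamp": "1557249438000",
           "recvWindow": "5000"}
    now = 1557249438500
    print(authorize(RESTRICTED_KEY, sign_request(req, RESTRICTED_SECRET),
                    "198.51.100.7", "withdraw", now))
    print(authorize(OPEN_KEY, sign_request(req, OPEN_SECRET),
                    "198.51.100.7", "withdraw", now))
```

Run stand-alone, the first call is refused because the request comes from an address outside the key's allowlist, while the second, identical apart from the key, is accepted: with the IP restriction lifted and open withdrawal enabled, a valid signature is the only thing the server can check, and anyone holding the leaked secret can produce one.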

We list four possible ways in which a Binance user might leak his/her credentials:

  1. Ordinary users generally don’t use API keys. When power users write code against the API for automated trading, however, their source code, with the secret keys committed into it, is likely to be exposed to attackers.
  2. Users are phished by attackers, and their API keys and secret keys are hijacked.
  3. The computer on which a user’s API key and secret key are stored has been infected.
  4. Cryptocurrency exchanges are easy to breach: users’ API keys and secret keys are stolen by hackers because of internal weaknesses in Binance’s security system. Note that only 71 users had enabled the open-withdrawal function, and each of them suffered a loss.
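
The first case, secret keys committed together with the trading code, is the one a developer can catch before it happens. The following is an added example, not part of the original post and not a Beosin or Binance tool: a small scanner that flags assignments of 64-character alphanumeric values (the shape of a Binance API key or secret) to key-like variable names, with a Shannon-entropy threshold so that placeholder strings such as `xxxx...` are not reported. The sample source file, the demo key values and the `MIN_ENTROPY_BITS` threshold are all constructed for this demo.

```python
import math
import re
import sys
from collections import Counter

# Matches assignments such as API_SECRET = "..." or api_key: '...' whose value
# is a 64-character alphanumeric string, the shape of a Binance key or secret.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)(api[_-]?key|api[_-]?secret|secret[_-]?key)\s*[=:]\s*['"]([A-Za-z0-9]{64})['"]"""
)

# Per-character Shannon entropy below this is treated as a placeholder, not a key
# (assumed threshold; a real 64-character random key scores well above 5 bits).
MIN_ENTROPY_BITS = 3.5


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_source(text: str):
    """Return (line_number, variable_name) for every hard-coded key-like value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= MIN_ENTROPY_BITS:
            findings.append((lineno, m.group(1)))
    return findings


# Constructed demo values (64 alphanumeric characters each); not real keys.
DEMO_KEY = "EXAMPLEkey0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQR"
DEMO_SECRET = "EXAMPLEsecret0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNO"
PLACEHOLDER = "x" * 64

# Constructed sample of a trading script as a power user might commit it.
SAMPLE_SOURCE = f'''\
from binance.client import Client
import os

# Unsafe: the key pair is embedded in the file and leaves with every commit
API_KEY = "{DEMO_KEY}"
API_SECRET = "{DEMO_SECRET}"

# Placeholder left in a template: low entropy, should not be reported
secret_key = "{PLACEHOLDER}"

# Safer: read the secret from the environment at run time, never from the file
SAFE_SECRET_KEY = os.environ.get("BINANCE_API_SECRET")
client = Client(API_KEY, SAFE_SECRET_KEY)
'''


if __name__ == "__main__":
    # Usage as a pre-commit style check: non-zero exit blocks the commit.
    hits = scan_source(SAMPLE_SOURCE)
    for lineno, name in hits:
        print(f"line {lineno}: hard-coded value assigned to {name}")
    sys.exit(1 if hits else 0)
```

On the sample file the scanner reports lines 5 and 6 (`API_KEY` and `API_SECRET`), skips the all-`x` placeholder on line 9, and leaves the environment-variable lookup alone; wiring the same function into a pre-commit hook stops the key pair from ever reaching a repository.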

Tips from Beosin

We strongly suggest that both users and cryptocurrency exchanges pay extra attention to information protection. In particular, when using advanced functions, raise your security awareness so as to avoid any latent loss resulting from data breaches.

