An Overview of Binance Cyber-Crime Attack and What We Can Learn from It

Wayne Jones by Wayne Jones - 11:04 AM May 20, 2019
an-overview-of-binance-cyber-crime-attack-and-what-we-can-learn-from-it

On May 7, 2019, Binance issued a report entailing details of their discovery of a large security breach. The hackers responsible for the breach managed to steal 7,000 BTC, which is equivalent to a whopping 40 million US Dollars in one pounce.

The report stated that the hackers used a well- organized system via independent accounts at the most suitable moment. The mechanism used by the hackers was able to bypass the Binance security checks to execute the transaction. Although it was too late already, Binance systems were alerted and stopped withdrawals immediately.

As the Binance team continue patching up the vulnerable areas that gave way to the breach, they found out that the hacker has merged all the BTC stolen (which was then transferred to 44 addresses) into just seven addresses as follows;

  1.    bc1q2rdpyt8ed9pm56u9t0zjf94zrdu6gufa47pf62 (Bech32 address holding 1,060.6 BTC)

  2.    bc1qx3628eh9tdnm0uzculu8k6r2ywfkc5zns2hp0k (Bech32 address holding 1,060.6 BTC)

  3.    bc1qnf2ja3ffqzc3hskanjse6p8zag52fm6jgmmg9u (Bech32 address holding 1,060.6 BTC)

  4.    bc1qw7g5uxxl750t0h2fh9xajwuxp4qt634yh3vg5q (Bech32 address holding 1,060.6 BTC)

  5.    16SMGihY94H8UjRcxwsLnDtxRt7cRLkvoC (P2PKH address holding 1,060.6 BTC)

  6.    1MNwMURYw1LkPnnpda2DQkkUsXXeKL9pmR (P2PKH address holding 1,060.6 BTC)

  7.    bc1q3a5hd36jrqeseqa27nm40srkgxy8lk0v0tpjtp (Bech32 address holding 707.1 BTC)


What’s Next for Binance?
Currently, Zhao has pointed out that they have to conduct an intensive security check that will include the entire Binance system and data.  Zhao said that this review might take approximately one week depending on the size of Binance systems. He also noted that he would maintain regular and factual updates about this issue.

During the time of writing, Binance withdrawals were under suspension while trading is still active on the exchange. Binance has affirmed that any affected account must be adequately compensated (using the Binance secure asset fund) to ensure that none of their customers is affected because of the incident.

Why is the Binance Hack Crucial for Crypto Adoption?
In 2019, CoinMarketCap.com, the most commonly cited crypto volume site, was arbitrated to have fake figures that could be misleading the crypto community. Well, despite Binance having the lowest potential fake volume, it is still not registered with FinCEN as a Money Services Business.

All crypto exchange businesses in the U.S are supposed to be registered in FinCEN, the part of U.S. Department of the Treasury that is set to fight against financial crimes. More or so, the businesses also have to adhere to AML, anti-money laundering rules, and obligations which require the identification of their customers and filing reports of suspicious activities whenever potential money laundering is spotted.

In 2011, FinCEN gave an updated report concerning crypto. Two years later, they offered a Guidance Letter confirming that all regulations controlling the application of MSBs to crypto businesses

Most crypto exchanges in the U.S. have already obeyed the laws. Poloniex and HBUS, the U.S. arm Singapore-based exchange Huobi are both registered by FinCEN. Shapeshift, a non-custodian exchange that has for long been fortified of anonymity also employed KYC.

Binance is unique from others in that it operates outside the U.S. but relies on the U.S. market for its entire operations. This was revealed one month after Binance was established in mid-2017 when the platform stated that approximately half of its customers are from China and the U.S. Then due subsequent China bans on crypto, Binance started to restrict Chinese IPs thus depending on the U.S. market more.

Therefore, Binance does not have a formal market surveillance tool that can determine market manipulations like wash trading and spoofing.

The increasing amount of digital assets lost in 2019
Over 365 million US Dollars’ worth of digital assets has been stolen from exchanges and infrastructure in the first quarter of 2019. Exit scams are among the pathways crypto assets are lost as evident with QuadroigaCX case, which led to its users losing approximately 195 million US Dollars.

Last year (2018), the estimated worth of digital assets stolen by hackers was $1.7 billion, that’s three times the amount stolen in 2017. Assessing this current trend in 2019, it can be projected that digital assets and infrastructure to be lost in 2019 could reach up to $1.2-$1.5 or more billion dollars ($365 million x 4).

Banks and governments of various states are set to roll over new global anti-money laundering (AML) and counter-terror financing (CTF) regulations in 2019. On the other hand, cyber criminals seem to have also gradually improved their skills and will remain a threat unless all the necessary precautions are met. Binance who have dismissed a few restrictions for the sake of the well-being of their clients can feel the wrath through this attack.

Just a month ago (April 11), Binance and CipherTrace (a blockchain security firm) announced their partnership to enhance the robust anti-money laundering compliance program exchange. If the blockchain security firm was supposed to improve the compliance standards according to the global progressive of cryptocurrency development frameworks and regulations, how come Binance got hacked? Can audit firms prevent a mishap like this or they are just there to pick up the broken (left) pieces?

Thoughts: Never Store your Digital Assets on Exchanges
Due to the rise in cybercrimes, the crypto community should be wary of leaving large amounts of crypto assets on exchanges. A crypto exchange is like a market place; you should not carry all your wealth to the market; carry what you have planned to use. Moreover, the exchange market holds the private keys of the coins you hold in their platform to ensure that you don’t lose, misplace, or have them stolen. That means you don’t own assets held under your name on exchanges. You should note that a crypto exchange is a place for solely trading. You can leave your funds there if you don’t mind a third party handling your private keys.

Safer Options to Store Your Crypto Assets

  1.    Software Wallets: Software wallets offer you the full ownership and control of your private keys. You don’t have to rely on extra hardware. Software wallets are suitable when it comes to storing a bigger amount of crypto assets for short-term rather than long-term or high-value storage. They strike a balance between convenience and total security.



  1.    Hardware Wallets: Hardware Wallets are the most secure since your private keys are not online. In hardware wallets, private keys never leave the device; hence, no one can access them or claim ownership of your assets. The hardware wallet signs the transaction offline and broadcasts them for you. They have secure elements which hold your private keys. However, they are an upfront investment and less flexible. They are best if you want the maximum level of security for your not-soon-to-be-accessed wealth.


 

About The Author
Wayne Jones

Wayne JonesAm Wayne, a Blockchain enthusiast and expert in crypto trading. Currently, I cover trendy issues on digital currencies.

Comments

Share On Social Media!

Enter Shared Link

Enter Shared Link

Enter Shared Link

Enter Shared Link

Enter Shared Link