The recent hack of the world's biggest cryptocurrency exchange, Binance, highlights the need for heightened security in the crypto space.
"The hackers used a variety of techniques, including phishing, viruses and other attacks," according to Binance CEO Changpeng Zhao in a May 7 blog post.
How did the theft occur? We are currently researching the attack, but from what we know Binance had the current state of the cybersecurity art in place.
The attacker(s) probably used a password stolen in a phishing attack, or they exploited a combination of vulnerabilities.
As Chairman of the Anti-Phishing Working Group, an organization that has been fighting eCrime and phishing for more than 16 years, I can tell you it's highly likely that phishing was an attack vector.
Phishers are casting their nets-and spears-at crypto companies in particular.
The Binance hack could have been an employee being duped into giving a password by a clever email ruse.
To access the network, exchange employees should be required to use an authentication app on their phone, a certificate on their computer to access the corporate VPN, and a password.
That way, if criminals phish an exchange worker's password or break it with brute force they're still not getting in.
The attacker can gain the password and even compromise one of the user's devices but that won't get all three factors.
Three ways to prevent exchange hacks-how 3FA can foil cryptocurrency exchange robberies
Published on May 15, 2019
by Cryptoslate | Published on Coinage
This ICO Startup Didn't Die During Crypto Winter. It Has DAI to Thank
Monolith turned a $16.9 million ICO into $25 million-worth of assets by riding the bull market of 2017 then taking out DAI loans.
Price Analysis 17/08: BTC, ETH, XRP, BCH, LTC, BNB, EOS, BSV, XMR, XLM
XRP/USD. XRP plummeted below the critical support of $0.27795 on Aug. 14 and fell to a new yearly low of $0.225 on Aug. 15, which is a bearish sign.
QuadrigaCX Users Request Details on How EY Lost 103 Bitcoins
Users of now-defunct Canadian cryptocurrency exchange QuadrigaCX are requesting further information concerning the recent loss of 103 Bitcoins during the funds' recovery.
Court Allows Blockchain.com's Trademark Lawsuit Against Paymium to Proceed
The New York Federal Court denied the motion to dismiss the ruling in the trademark infringement action by cryptocurrency wallet and exchange operator Blockchain.com against fintech startup Paymium and its CEO Pierre Noizat over the use of domain "Blockchain.io".