The recent hack of the world's biggest cryptocurrency exchange, Binance, highlights the need for heightened security in the crypto space.
"The hackers used a variety of techniques, including phishing, viruses and other attacks," according to Binance CEO Changpeng Zhao in a May 7 blog post.
How did the theft occur? We are currently researching the attack, but from what we know Binance had the current state of the cybersecurity art in place.
The attacker(s) probably used a password stolen in a phishing attack, or they exploited a combination of vulnerabilities.
As Chairman of the Anti-Phishing Working Group, an organization that has been fighting eCrime and phishing for more than 16 years, I can tell you it's highly likely that phishing was an attack vector.
Phishers are casting their nets-and spears-at crypto companies in particular.
The Binance hack could have been an employee being duped into giving a password by a clever email ruse.
To access the network, exchange employees should be required to use an authentication app on their phone, a certificate on their computer to access the corporate VPN, and a password.
That way, if criminals phish an exchange worker's password or break it with brute force they're still not getting in.
The attacker can gain the password and even compromise one of the user's devices but that won't get all three factors.
Three ways to prevent exchange hacks-how 3FA can foil cryptocurrency exchange robberies
Published on May 15, 2019
by Cryptoslate | Published on Coinage
DeFi exchange Uniswap records $20 million in trades last week
Ryan Sean Adams, the Founder of cryptoasset investment firm Mythos Capital, revealed via Twitter that Uniswap, a permissionless, peer-to-peer crypto exchange protocol, recorded approximately $20 million in trading volume last week.
Rep. Eric Swalwell Is Accepting Crypto Donations in Bid for US Presidency
Rep. Eric Swalwell is accepting donations in cryptocurrencies to support his bid for the U.S. presidency in 2020.
DeFi Pioneer Compound Partners With Coinbase Wallet, Zerion for V2 Launch
HODLers looking for returns on their crypto now have more flexibility in the Compound app.
Decentralized Domain Registry Raises $4 Million From Draper, Boost VC
A blockchain startup is bringing the fight for free speech to the domain level.