Three ways to prevent exchange hacks-how 3FA can foil cryptocurrency exchange robberies

gepubliceerd op by Cryptoslate | gepubliceerd op

The recent hack of the world's biggest cryptocurrency exchange, Binance, highlights the need for heightened security in the crypto space.

"The hackers used a variety of techniques, including phishing, viruses and other attacks," according to Binance CEO Changpeng Zhao in a May 7 blog post.

How did the theft occur? We are currently researching the attack, but from what we know Binance had the current state of the cybersecurity art in place.

The attacker(s) probably used a password stolen in a phishing attack, or they exploited a combination of vulnerabilities.

As Chairman of the Anti-Phishing Working Group, an organization that has been fighting eCrime and phishing for more than 16 years, I can tell you it's highly likely that phishing was an attack vector.

Phishers are casting their nets-and spears-at crypto companies in particular.

The Binance hack could have been an employee being duped into giving a password by a clever email ruse.

To access the network, exchange employees should be required to use an authentication app on their phone, a certificate on their computer to access the corporate VPN, and a password.

That way, if criminals phish an exchange worker's password or break it with brute force they're still not getting in.

The attacker can gain the password and even compromise one of the user's devices but that won't get all three factors.