The recent hack of the world's biggest cryptocurrency exchange, Binance, highlights the need for heightened security in the crypto space.
"The hackers used a variety of techniques, including phishing, viruses and other attacks," according to Binance CEO Changpeng Zhao in a May 7 blog post.
How did the theft occur? We are currently researching the attack, but from what we know Binance had the current state of the cybersecurity art in place.
The attacker(s) probably used a password stolen in a phishing attack, or they exploited a combination of vulnerabilities.
As Chairman of the Anti-Phishing Working Group, an organization that has been fighting eCrime and phishing for more than 16 years, I can tell you it's highly likely that phishing was an attack vector.
Phishers are casting their nets (and spears) at crypto companies in particular.
The Binance hack could have been an employee being duped into giving a password by a clever email ruse.
To access the network, exchange employees should be required to use an authentication app on their phone, a certificate on their computer to access the corporate VPN, and a password.
That way, if criminals phish an exchange worker's password or break it with brute force, they're still not getting in.
The attacker can gain the password and even compromise one of the user's devices, but that won't get all three factors.
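The three-factor check described above, as an added example (not from the article or from any exchange's code). It assumes the authenticator app uses TOTP (RFC 6238) and stands in for the VPN's certificate validation with a pinned SHA-256 fingerprint of the enrolled device certificate; all names and sample values are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, as generated by common authenticator apps."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enroll(password: str, salt: bytes, totp_secret: bytes, cert_der: bytes) -> dict:
    """Server-side record: no plaintext password, only the device cert's fingerprint."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret,
            "cert_sha256": hashlib.sha256(cert_der).digest()}

def login_allowed(user: dict, password: str, otp: str, cert_der: bytes, now: float) -> bool:
    """Grant access only if password, phone OTP and device certificate all check out."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Accept the current step and one step either side to tolerate clock drift.
    otp_ok = any(hmac.compare_digest(totp(user["totp_secret"], now + d * STEP).encode(),
                                     otp.encode()) for d in (-1, 0, 1))
    cert_ok = hmac.compare_digest(hashlib.sha256(cert_der).digest(), user["cert_sha256"])
    return pw_ok and otp_ok and cert_ok  # all three factors are computed before deciding

# Constructed sample data (not real credentials).
SECRET = b"12345678901234567890"          # RFC 6238 test key
CERT = b"constructed-device-certificate"  # stand-in for DER certificate bytes
USER = enroll("correct horse", b"constructed-salt", SECRET, CERT)
NOW = 1_557_900_000.0                     # fixed clock so results are reproducible

if __name__ == "__main__":
    good_otp = totp(SECRET, NOW)
    print(login_allowed(USER, "correct horse", good_otp, CERT, NOW))             # all three factors
    print(login_allowed(USER, "correct horse", "", b"", NOW))                    # password only
    print(login_allowed(USER, "correct horse", good_otp, b"other-laptop", NOW))  # wrong device
```
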
Three ways to prevent exchange hacks: how 3FA can foil cryptocurrency exchange robberies
published on May 15, 2019
by Cryptoslate | published on Coinage