Binance’s recent hack, CipherTrace’s Q2 2019 report raises the question of how much security is needed to be SAFU
The cryptocurrency market has not been able to keep itself safe from activities like fraud, Ponzi schemes, scams, and hacks. The world of cryptocurrencies has seen hackers stay one step ahead, despite the fact that many entities have taken several security measures to prevent funds from being stolen.
In July, a Japan-based cryptocurrency exchange, BITPoint, was hacked; an incident where hackers stole $32 million in crypto-assets, including $23 million in users funds. The exchange noted that the original hack was closer to “$28 million, while disclosing an additional $2 million stolen from other exchanges” that used BITPoint’s trading platform outside of Japan, bringing the total to $30 million. The hack left the it handicapped, with the exchange forcefully shutting down all its services. BITPoint will reimburse its affected customers in crypto.
BITPoint had previously faced administrative actions from Japan’s Financial Services Agency [FSA] for not having effective internal control systems established for AML/CTF, user protection and system risk management. It was given time till July 23, 2020, to prepare an improvement plan. However, they were hacked before any improvements could be deployed.
This hack was due to the lack of stringent security. However, BITPoint wasn’t alone as the world’s largest cryptocurrency exchange, Binance, was also attacked in May, despite having tough security systems. Hackers stole 7,074 Bitcoin [worth $40 million USD at the time of hack] in May. The value of this theft has since risen to $80 million, due to an increase in the price of BTC and according to research done by CipherTrace, was done using a multi-pronged takeover attack. Through this method, hackers obtained API keys, two-factor authentication codes, and other personal information from various users, including the one which had “very high net worth accounts.”
Binance CEO Changpeng Zhao noted this in his tweet to the community, stating that the hackers used different techniques to make this possible.
“The hackers used a variety of techniques, including phishing, viruses and other attacks.”
“The transaction is structured in a way that passed our existing security checks.”
Binance’s action to suspend withdrawals came after the hackers got away with the stolen BTC. Binance did not use the customers’ funds to pay back customers for their losses. Instead, Binance used its own SAFU funds, following which there were movements observed of the stolen BTC in order to “clean” them for re-use. This was the first time an exchange as big as Binance was attacked, raising the question, ‘how much security is enough to be safu?’
These aren’t the only cases where hackers have had their way. The CipherTrace report registered multiple cases around the world where thieve used Ponzi schemes, Sim Swapping, phishing scam etc. to break and take from the system. In the second quarter of 2019 alone, approximately $4.3 billion were lost to criminal and fraudulent activity, prompting the need for a hack-proof system.