Binance Brings Home Bad Press
Shock waves are coursing through the cryptosphere after a massive heist of BTC from the world’s leading crypto exchange by trading volume. Although somewhat muted in response, Binance has shut down for “systems maintenance” and the prospect of panic withdrawals looms once the exchange reopens.
As the dark news spreads, the credibility of hot wallets and the Binance exchange platform is waning – and the price of bitcoin has become collateral damage. As Syscoin was abused in the fraudulent transaction, the project’s team has been in contact with Binance as well as other exchanges to halt movement of the altcoin.
Syscoin is evaluating and patching the blockchain weaknesses that seem to have enabled the attack. In a snapshot of just how technically savvy and complex the realm of cyber-crime can be, the attackers seem to have abused the Syscoin network hashrate while hacking the Binance-run SYS token API. Balancing small windows and possibilities, the attackers constructed a massive attack that has seen millions in BTC stolen.
Hackers have essentially played on collating various potential and real attributes of both Syscoin and the Binance exchange, in order to stage a moment’s hack that has seen some $45 million looted.
Cyber Crooks Smarter Than Binance
In the first few hours following the attack, rumors swirled on social media with many in denial about the possibility. It is now clear, however, that the attack was real and unfortunately successful. Now that first-stage regulation is settling on the cryptosphere, the heist comes as incredibly bad news, likely to prompt a resurgence in urgency and tone from global legislators.
The difficulties of securing a digital asset are never completely eliminated, although for all intents and purposes stealing cryptocurrency is at least as hard as stealing fiat funds electronically.
The Syscoin block explorer shows a snapshot where a billion coins were mined on a single block. This contradicts developer assertions that no more than the 888 million coins could ever be possible for the entire network. Cyber security fundis have suggested that this attack is not merely a simple 51 percent double-spend attack. They point to the technical and seemingly insignificant window of a “buffer overflow vulnerability,” very much like that which allowed corruption on the Bitcoin blockchain in 2010.
Reports state that 7000 BTC were stolen in the Binance hack. After rallying somewhat recently, the price of bitcoin dipped a brisk 2.5 percent as news spread in the immediate aftermath of the attack.
Binance is still closed and users visiting the site have limited navigation and zero transactional ability. The very real concern exists that when reopened, the exchange will suffer massive withdrawal of funds. While this might be just desserts for the platform, wider concern centers on the negative press around digital coins and the price of bitcoin falling. While it appears that the short positions on BTC are still waiting for the true bottom, many others have recently hoped for a rally around support at the $6,000 mark. The Binance hack is likely to take the shine off virtual currencies as a whole, while particularly impacting the BTC price.
Although 2018 has been hailed as the year cryptocurrency joins the mainstream, news of the Binance attack is sure to aggrieve regulators and spook the world’s newcomers to the arena too. Fear, uncertainty and doubt (FUD) are the moment’s defining characteristics, and users await further formal commentary from regulatory bodies and the exchange itself.
Conning The Binance Exchange
The precise details of the attack have not been extrapolated from a technical investigation, which is still underway. That said, a broad construct can be postulated as to how exactly something so big could float for such a window as to end with the successful theft of millions in USD. There have been extreme Syscoin movements on Binance and they point to miners having mined a large number of the network’s blocks in the moment of the attack. Because so many blocks were mined, it is now impossible to roll the chain back and undo the hack.
Tweets from Binance indicate that the Binance API system was exposed in a manner that facilitated the attack. The attackers appear to have accessed Binance’s API for SYS, manipulating it so that they could generate the fraudulent buy-sell order. They were able to both falsely generate new Syscoin while selling them for ridiculously inflated prices. Binance lets its users trade along two routes. One is the through the company web and mobile apps. The other route is for a trader to come through the API and write code to write trades.
The API employs typical keys (access credentials) to authenticate individual traders. It would so far appear that someone succeeded in hijacking many API keys, or that they successfully impersonated several users. Doing this, while maintaining control over a primary account on the exchange, they loaded this account and begun trading on falsified mining results.
Another Dark Moment In The Cryptosphere
There remains no definitive answer as to how exactly the criminal or criminals managed to take such a big bite out of an exchange. Binance, along with other digital exchanges, has made much of its security protocols. Security on a digital exchanges defines user experience and is probably the single greatest determinant of popularity.
Security is likely to rise to the top of the pile of concerns both users and regulators have with cryptocrrencies. As the platform attempts to piece together the answers to how this could have happened, users are left wondering how vulnerable Binance might now be in the aftermath of a successful heist. FUD dominates, and it remains to be seen whether Binance will be back up and running on July 4 or 5, 2018.
As some big names succumb to crime in the industry, exchange vulnerabilities and the heart-breaking losses that ensue from a successful attack are paramount in everyone’s mind. Cryptocurrency holders have few alternatives but to employ exchanges.
Although it does appear that the attack couldn’t have happened without intrinsic Syscoin chain vulnerability, Binance lists the coin and is trusted by users to vet the construct and potential of any project’s blockchain before pitching it to traders.
Either way, the exchange has to own the fallout. The current state of security, especially as exchanges are daily adverts for the immutability and promise of blockchain, is likely to dampen new user uptake and further postpone any coin’s advent as a true global currency.