Binance loses 7,000 bitcoins to theft; analysis concludes that its intranet was compromised by long-term APT penetration, and the BTC price is affected.

“There are also security vulnerabilities in the successful centralized exchanges.”

(Image from Twitter)

According to Binance's announcement, at 1:15:24 am on May 8, Binance was hacked and lost 7,000 BTC (about $41 million).

User information collected through phishing

Binance explained that the hackers used a combination of attack techniques, including phishing, viruses and other means, to obtain a large number of registered users' API keys (used for authentication and access control), Google 2FA verification codes and other related information, which they then used to carry out the withdrawal.

According to data from PeckShield's digital asset escort system, the 7,074 BTC lost from the Binance wallet have so far been parked by the hackers in 20 main addresses and have not been dispersed further. The hackers collected customers' account information through phishing and other means, and then used 71 accounts to send API requests to Binance concurrently at 05:17:18 on May 8, Beijing time. The attack was finally carried out at block height 575013 (which differs by one block from the block height 575012 given in Binance's announcement).

However, according to Beijing Chain Security, the stolen 7,000 bitcoins are scattered among more than 40 hacker-controlled wallet addresses and have not been transferred. The address of the Binance wallet from which the coins were stolen is 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s. At present, that hot wallet address still holds a balance of 3612.69114593. This is consistent with the official announcement: the funds were stolen through the withdrawal process rather than through the hot wallet private key.

Beijing Chain Security's analysis holds that both the users and Binance's servers store the API trading keys and the Google 2FA verification codes. The theft is most likely the result of Binance's internal network having been penetrated by the hackers over a long period, rather than of a single user or a batch of users being compromised by phishing or viruses.

In addition, Binance's warning system also has problems: the withdrawal reached 7,000 bitcoins, yet Binance's risk-control system did not raise an effective alert.
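As an added illustration (not code from the exchange, PeckShield or the original article), the sketch below shows the kind of aggregate risk-control rule that a concurrent withdrawal from 71 accounts, as described above, would trip even when every single request stays under a per-request cap. All thresholds, account names and amounts are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

SAT = 100_000_000                      # satoshis per BTC
# All thresholds below are illustrative assumptions, not any exchange's real limits.
WINDOW = timedelta(seconds=60)         # sliding window length
PER_REQUEST_LIMIT = 100 * SAT          # cap checked on each withdrawal in isolation
MAX_ACCOUNTS = 20                      # distinct accounts withdrawing inside WINDOW
MAX_TOTAL = 500 * SAT                  # aggregate hot-wallet outflow inside WINDOW

def per_request_hits(events):
    """Withdrawals that a per-request cap alone would flag."""
    return [e for e in events if e[2] > PER_REQUEST_LIMIT]

def burst_alerts(events):
    """Slide WINDOW over time-ordered (ts, account, sats) events and alert once
    each time distinct accounts or aggregate outflow crosses its threshold."""
    window, total, alerts, alerting = deque(), 0, [], False
    for ts, account, sats in events:
        window.append((ts, account, sats))
        total += sats
        while ts - window[0][0] > WINDOW:      # expire events older than WINDOW
            total -= window.popleft()[2]
        accounts = {a for _, a, _ in window}
        breached = len(accounts) >= MAX_ACCOUNTS or total >= MAX_TOTAL
        if breached and not alerting:          # alert on the rising edge only
            alerts.append({"at": ts, "accounts": len(accounts), "btc": total / SAT})
        alerting = breached
    return alerts

def sample_events():
    """Constructed data: sparse normal traffic, then 71 accounts withdrawing
    99 BTC each within about two seconds (accounts and amounts are made up)."""
    t0 = datetime(2019, 5, 8, 5, 0, 0)
    normal = [(t0 + timedelta(minutes=5 * i), f"user{i}", 2 * SAT) for i in range(3)]
    start = datetime(2019, 5, 8, 5, 17, 18)
    burst = [(start + timedelta(milliseconds=30 * i), f"acct{i:02d}", 99 * SAT)
             for i in range(71)]
    return normal + burst

if __name__ == "__main__":
    events = sample_events()
    print("per-request hits:", len(per_request_hits(events)))
    for alert in burst_alerts(events):
        print(alert)
```

On the constructed data the per-request cap never fires, while the aggregate rule alerts on the sixth withdrawal of the burst, before most of the outflow has been processed.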

In response to the theft at Binance, Wang Dong, founder of the Loopring protocol, said on WeChat Moments:

  • Successful centralized exchanges also have security vulnerabilities, not just at the technical level but also in internal controls;
  • The larger the amount of funds, the bigger the target and the higher the security cost – hackers are not interested in small exchanges;
  • The decentralized exchanges currently seen on the market have failed without exception, including the first two versions of Loopring and all versions of 0x.

At present, Binance has not yet announced the number of accounts that were attacked; it has only announced that the loss reached 7,000 bitcoins.

(Transfer screenshot)

Binance compensates the loss

As for users' losses, Binance promised to use the "SAFU Fund" to bear the full loss from this attack.

In July 2018, Binance established the Secure Asset Fund for Users (SAFU), allocating 10% of all transaction fees received to the fund to provide coverage for potential vulnerabilities.

"It (the hack) only affects our BTC hot wallet (about 2% of our total BTC); all our other wallets are safe, and no user funds are affected in this incident," Binance responded.

To prevent the hackers from using other, still undiscovered user accounts for abnormal operations such as trades and withdrawals, Binance announced that it will conduct a thorough security review of its systems and data, which is estimated to take about one week. During the review period, deposits and withdrawals will be suspended, but users will still be allowed to trade.

Zhao Changpeng will hold an online Q&A

After the attack, Zhao Changpeng also explained the attack on Twitter and said: "No need for FUD (fear, uncertainty and doubt), the funds are SAFU."

Most Twitter users have taken a positive attitude toward Binance's loss, but some are not convinced. Their doubts about Binance center on the following points:

First, the freeze on deposits and withdrawals is too long. Some users worry that Binance's systems are not safe, yet they have no way to withdraw their funds in time.

(It takes a week now; I am on pins and needles)

(When I realized that the deposit was in maintenance, I began to panic.)

Second, some users suspect an inside job at Binance, but since Binance has already said that it will compensate the loss, this argument is obviously untenable.

(CZ is stealing your bitcoin, friends)

“Only employees or their people can steal it.”

As of press time, TRON founder Sun Yuchen said on Weibo that, if Zhao Changpeng agrees, he will deposit US dollars equivalent to 7,000 BTC (a total of 40 million US dollars) into Binance in order to increase his holdings of Binance Coin (BNB), Bitcoin (BTC), TRON (TRX) and BitTorrent (BTT).

As an exchange, how could its intranet be penetrated for such a long time? This method of attack reminds the author of one hacker organization, Lazarus. Previously, 360 security experts told Odaily Planet Daily that Lazarus normally spends half a year becoming a "friend" of the exchange, and then infiltrates its intranet by means of email and phishing software. DragonEx and OKEx were previously attacked by it. Binance and Huobi are also among its targets.

At present, the hackers' specific attack process is not clear. Binance CEO Zhao Changpeng held an online Q&A through Periscope at 11 o'clock today.

Impact on the bitcoin price

What impact has the Binance theft had on the market? At present, the price has begun to decline. After the attack, the BTC price began to fall from 5,960 US dollars, at one point dropped below 5,800 US dollars, and is currently quoted at 5,882 US dollars.

Weibo netizen's bitcoin believes that although 7,000 BTC were stolen, Binance, with reserves of more than 300,000 BTC, has room for turnover; but because of the security concerns this has caused around BTC, a decline in popularity is inevitable. "If you want to break through $6,000 in the short term, it will be a tortuous one."

Gilles' bitcoin believes that Binance's loss will ultimately be borne by the average investor.

"The 7,000 BTC were stolen from Binance with BTC at the key 6,000 level, and Binance will certainly not buy them back at the current price. On the contrary, knowing about the theft, Binance will definitely short the market heavily. Given last night's pullback after testing 6,000 and the fall after the announcement this morning, I believe that Binance already holds a large number of short positions. Binance can get low-cost BTC through the market decline, and can get BTC by shorting BTC in the futures market. In the end, it is the public that will pay the bill."

Previously hit by a phishing attack

Around 5 am on July 4, 2018, a large volume of withdrawals took place at Binance. More than 7,000 BTC were transferred to the same address within 2 hours. From 6:00 to 9:00, the BTC price went from $6,619 to $6,458, a fall of 2.4%.

At the same time, another coin, SYS, began to rise sharply around 3:30 am on July 4. It rose from $0.244 to $0.4557, a gain of 87% in four hours. In addition to Binance, SYS generated more than 80 million transactions on Bittrex, Upbit and other platforms.

Subsequently, Binance issued a temporary maintenance announcement stating that temporary maintenance would be carried out, that trading and withdrawals would be suspended, and that the specific time would be notified separately. Many people guessed that this was a hack. Talk of abnormal trading at Binance and of a Syscoin vulnerability also circulated in the market.

At that time, He Yi, co-founder of Binance, responded on Weibo:

"Don't be nervous, we at Binance have risk control measures. Don't listen to other people's rumors."

On the afternoon of the same day, Binance issued a statement saying that at 04:18:00 that morning, some API users showed abnormal trading behavior in SYS trading, which triggered Binance's risk-control system. Binance suspended trading and withdrawals; users' assets were completely safe. It was verified that this was a phishing incident targeting some API users.

Author | Qin Xiaofeng, tea cool

Source: Planet Daily