Binance an "inside job"? Don't let hackers dissolve trust in cryptocurrency as a whole from within

At 7:00 on May 8, 2019, Beijing time, Binance announced that at 1:15:24 am its hot wallet had been attacked by a hacker group, which successfully took 7,000 bitcoins. Binance "proactively admitted to being stolen from" a few hours after the hack.


Timeline of the theft

In fact, a few hours before the announcement was issued, Binance CEO Zhao Changpeng posted a tweet: "Binance has to carry out some unplanned server maintenance, which will affect deposits and withdrawals for several hours. But the funds are safe and transactions are not affected."

According to the official time of the attack, the hack had already occurred by then. A few hours later, Zhao Changpeng tweeted again that more details would be announced soon. After that, Binance published its announcement acknowledging that it had been hacked, and Zhao Changpeng retweeted the announcement to confirm it.

Timeline:

Binance was hacked in the early morning → Zhao Changpeng said that unplanned platform maintenance was needed → Zhao Changpeng said that more information would be announced → Binance announced the theft

The official explanation for the theft: hackers combined a variety of attack techniques

According to the announcement, "This was a large-scale, systematic attack. The hackers were able to obtain a large number of user API keys, Google Authenticator 2FA codes and other related information; the hacker group used a combination of attack techniques, including phishing, viruses and other means of attack."

It is worth noting that during this withdrawal, Binance's risk-control system did not raise an effective alarm. The hackers withdrew 7,000 bitcoins in a single transaction.

An external security company's analysis of the cause of the theft: long-term APT penetration

According to the analysis of Beijing Chain Security, the address of the Binance hot wallet that was robbed is 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s. At present, the hot wallet address still holds a balance of 3162.69714593. Consistent with the official announcement, the funds were stolen through the withdrawal process rather than through theft of the hot wallet's private key. A single withdrawal reached 7,000 bitcoins, yet Binance's risk-control system did not provide an effective warning. API trading keys and Google Authenticator 2FA codes are held by the user and by Binance's servers, and the amount stolen is huge, so it is very likely that the intranet had been penetrated by hackers for a long time, rather than individual users or batches of users being compromised by phishing or viruses. The stolen 7,000 bitcoins are scattered among more than 40 hacker-controlled wallet addresses and have not been moved further.
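The risk-control gap described above, a single withdrawal of this size passing without an alert, can be illustrated with a small hold-for-review check. This is an added example, not Binance's actual risk-control system or anything from the original article: the thresholds, the `review` function, the sample addresses and the assumed pre-incident balance (the remaining balance quoted above plus 7,000) are all constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass
class Withdrawal:
    ts: int        # seconds since start of the sample
    outputs: dict  # destination address -> amount in BTC (Decimal)

def review(events, start_balance, known, tx_share=Decimal("0.05"),
           window_share=Decimal("0.10"), window_s=3600, max_new=5):
    """Return [(ts, reasons)] for withdrawals a risk-control layer would hold."""
    balance, known = Decimal(start_balance), set(known)
    released, held = [], []  # released: (ts, amount) still inside the window
    for w in sorted(events, key=lambda e: e.ts):
        amount = sum(w.outputs.values(), Decimal(0))
        released = [(t, a) for t, a in released if w.ts - t < window_s]
        outflow = sum((a for _, a in released), Decimal(0))
        reasons = []
        if amount > balance * tx_share:
            reasons.append("single-tx share")
        # Compare window outflow with the balance at the start of the window.
        if outflow + amount > (balance + outflow) * window_share:
            reasons.append("window share")
        if sum(1 for addr in w.outputs if addr not in known) > max_new:
            reasons.append("new-address fan-out")
        if reasons:
            held.append((w.ts, reasons))  # held for manual review, not broadcast
            continue
        balance -= amount
        released.append((w.ts, amount))
        known.update(w.outputs)
    return held

def sample_events():
    """Constructed events: two routine withdrawals, then one shaped like the
    incident as the article describes it (7,000 BTC, more than 40 addresses)."""
    big = {f"constructed-addr-{i}": Decimal(170) for i in range(40)}
    big["constructed-addr-40"] = Decimal(200)  # 40 * 170 + 200 = 7000
    return [Withdrawal(0, {"known-addr-1": Decimal("12.5")}),
            Withdrawal(600, {"constructed-new-1": Decimal(3)}),
            Withdrawal(1200, big)]

# Assumption: pre-incident balance = remaining balance in the article + 7,000.
START_BALANCE = Decimal("3162.69714593") + Decimal(7000)

if __name__ == "__main__":
    for ts, reasons in review(sample_events(), START_BALANCE, {"known-addr-1"}):
        print(ts, reasons)
```

With these assumed limits the two routine withdrawals are released and only the large, many-address withdrawal is held, for all three reasons at once.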

External conspiracy theories

After Binance published the announcement, conspiracy theories appeared in the community: that it was an inside job by Binance, that Binance had placed short orders in advance and caused liquidations, that Binance had staged the whole thing itself...

The exchange cannot prove it was not an inside job

Former Huobi CTO and BHex founder Ju Jianhua said today in his WeChat Moments that this is the second time the same problem has occurred at Binance. The main problem with the exchange's business structure is that when assets are stolen, it cannot prove that it was not an inside job. This kind of thing will continue to happen as long as the three layers of services (custody and clearing, order matching, and brokerage) are not separated.

Binance assisting Bitfinex and Tether

After news of the attack was released, the most active voice on Twitter was Bitfinex'ed, the Bitfinex "Terminator", a well-known cryptocurrency critic and exposer of shady dealings. He published several tweets in succession, saying:

"The most important point is that in the coming week, Binance will stop all withdrawals, and the world's largest Tether exchange will not let you withdraw for a week."


"Do you know who can withdraw coins from Binance? Insiders. They will sell their own coins, and your coins can only stay trapped on Binance. They can seize the liquidity that exists, and wish you good luck."

In addition, interestingly, cryptocurrency analyst Alex Krüger launched a poll on Twitter asking whether JP Morgan Chase and BAKKT, wanting to buy cheaper Bitcoin, had planned the theft at the Binance exchange. At the time of writing, 21% of respondents agreed, and 47% said it was ridiculous.


Market impact of the theft

Binance is one of the world's largest cryptocurrency exchanges, and after it announced the theft, the cryptocurrency market fell rapidly and failed to continue yesterday's upward trend. Bitcoin pulled back after breaking through 6,000 US dollars and at one point fell below 5,800 US dollars. Other mainstream currencies also fell, and Binance's platform token BNB fell the most. As of press time, according to QKL123 data, BNB was down more than 6% and had at one point fallen below $20.

However, judging from the record of the two previous thefts, BNB's decline in the period after a theft reached double digits.

In addition, large-scale theft incidents will also alert regulators.

In response to the theft of 7,000 BTC, Galaxy Digital founder Michael Novogratz replied:

“When there is a theft in the world’s largest exchange, 2% will have a big impact. This is an unavoidable result and will definitely lead to more scrutiny by regulators.”


In addition, the stolen 7,000 bitcoins will not have a huge impact on the exchange's operations. According to Binance, the hot wallet that was attacked held only 2% of the total Bitcoin it holds. By this estimate, Binance holds nearly 350,000 bitcoins.

In the announcement, Binance also stated that it will use the "SAFU Fund" to bear the full loss from this attack, and that no users will suffer any loss. Therefore, the attack did not cause users to panic and sell off. At the time of writing, the cryptocurrency market has stabilized and Bitcoin is hovering above $5,800. BNB has recovered from a maximum decline of 11% to a decline of around 6%.

We will continue to follow the follow-up progress of the hacker incident.