The hacker is keeping a close eye on the currency exchange: 5 were killed and 8 were "Lai Lai"

Digital currency is becoming a fertile ground for hackers. The hot exchange is undoubtedly a huge "gold mine" that has been stared at by hackers, waiting for an opportunity.

Yesterday morning (May 8th), the global head cryptocurrency trading platform Binance Coin was stolen 7074 bitcoins, estimated at real-time currency, with losses exceeding $41 million. According to the analysis of blockchain data and security service provider PeckShield, the attack method of this incident is that the hacker collects the account information of the coin security user by means of phishing, and then uses 71 account concurrent API to perform the operation at block height 575013. . Afterwards, Binance Co., Ltd. immediately announced the full compensation for user losses.

A stone provoked a thousand waves, this incident not only caused yesterday's digital currency to fall across the board, but even on the front page of Bloomberg's terminal, we must know that the front page of Bloomberg terminals is generally news about the movements of central banks. The “block reorganization” mentioned by Zhao Changpeng, the founder of Binance Coin, followed by Twitter, has also led to a general discussion about the core spirit of the bitcoin/blockchain modification.

However, this is not the first time Binance has been hacked. In March and July 2018, Binance has also experienced hacking. However, when the hacker extracted a large amount of bitcoin, it triggered its risk control system, and the account was frozen. Binance also Therefore, I was lucky enough to escape the two robberies.

In fact, the security incidents of hacking exchanges are not uncommon. Binance is not the only victim, nor the worst victim. So who is the most hacked in history? Who lost the most? Who closed the door because of hacking? Who became the "Lai Lai" after the attack? PAData reviews the panorama of exchange security events by collating publicly available information [1] on the web.

Will it be unlucky after being stolen 1 time?

3 exchanges have been stolen 3 times

PAData collected 26 exchanges of stolen transactions since 2010, involving 18 major exchanges. Thirteen of them publicly admitted to having been stolen, and the other five exchanges were unlucky. Mt. Gox and Biter BTER were stolen twice, while Binance, Bitcoinica and Bithumb were stolen three times.

By contrast, Binance is a bit "lucky" than Bitcoinica and Bithumb. Only one of the three attacks was hacked, which was the stolen 7074 bitcoins on May 8. The three stolen events that Bitcoinica encountered were more dramatic in time. The hackers did not give Bitcoinica a chance to breathe. They launched attacks in March, May, and July 2012. Bitcoinica, which suffered a "three-shot", finally announced. shut down. Bithumb, Korea's largest exchange, has also been favored by hackers in recent years. In June 2017, June 2018 and March 2019, it was stolen and the losses were heavy.

From the perspective of the currency involved in 26 thefts, hackers love to steal bitcoin. This may be because Bitcoin, as the most mainstream cryptocurrency, is far superior to other cryptocurrencies in the breadth and depth of circulation, which means that bitcoin in each exchange is the most valuable currency, and also This means that the hacker can get out of hand immediately after he succeeds. According to public information, Bitcoin has been stolen from 10 of the 18 exchanges. The three stolen money incidents that caused Bitcoinica to close down are bitcoin stolen, which has caused Mt. Gox to be troubled. The 2 times of stolen money was also the theft of Bitcoin.

It is also worth noting that in the past year, there has been a new situation in the stolen currency. Five exchanges have been stolen in multiple currencies, including two multi-currency thefts in Bithumb. Coinrail, Cryptoia, DragonEx, and Zaif have each experienced a multi-currency theft. At the same time, Bitmumb was also the first exchange to suffer from multi-currency theft. In June 2018, Bitmumb was stolen by 11 kinds of cryptocurrencies, but the official did not disclose the specific currency. On March 24, 2019, DragonEx officially announced the theft of more than 20 cryptocurrencies, which may be the most attacked by the current stolen currency.

Is the $40 million loss "the most tragic"?

There are two exchanges that lost more than $400 million.

Binance was stolen 7074 bitcoins, estimated according to yesterday's real-time currency price [2], and the loss was about 41.24 million US dollars. This is the 9th largest security incident in the public information collected by the exchange due to theft. But even more tragic is Mt. Gox and Coincheck. The loss is 10 times that of Binance's theft, reaching more than $400 million.

In February 2014, Mt. Gox was hacked and robbed of about 850,000 bitcoins, which was equivalent to a loss of $457.9 million at the current currency price. It is the most volatile exchange that has been lost so far. Followed by Coincheck, on January 26, 2018, Coincheck was stolen 500 million NEMs, which was converted at a price of about $0.84 per day, equivalent to a loss of $4.199 billion. Both Mt. Gox and Coincheck (Zeng) are one of the largest cryptocurrency exchanges in Japan.

In addition, the exchanges with heavy losses include Italy's cryptocurrency exchange BitGrail. On February 11, 2018, BitGrail was stolen 17 million NANO coins, which was equivalent to a loss of about 1.4127 billion dollars. The South Korean cryptocurrency exchange Bithumb was stolen on March 29, 2019, including EOS, XRP and other cryptocurrencies. Officials did not disclose specific losses. According to PeckShield, the loss was about $90 million. Bitfinex, Zaif, and Coinrail also suffered losses of more than $50 million due to stolen money.

What can I do if the exchange does not lose?

There have been user subsidies, court intervention, and token issuance

After being robbed yesterday, Binance announced that it would bear the loss of 40 million US dollars and pay the users in full. In addition to Binance, Coincheck, Bitstamp, Biki.com and Poloniex also paid the full loss of all the money-cutting attacks. Coincheck undertook more than $400 million in losses, and Bitstamp, Biki.com and Poloniex each assumed 4.73 million. Loss of 280,000 and 60,000 US dollars. In addition, Bithumb only took one of the three losses of stolen money in full. After being stolen in June 2018, Bithumb announced that it would fully bear the loss of 16.89 million US dollars. Biter BTER only took one of the two losses of stolen money twice. After the money was stolen in January 2015, Biter BTER announced that it would bear the full loss of $1.84 million. There are also three exchanges that partially pay off the user's losses, namely Bitfloor, Youbit and Zaif.

In addition to these exchanges that have the financial means to bear the losses, there are still many exchanges that have become "old Lai." For example, the most famous "Lai Lai" Mt. Gox, did not bear the loss after two incidents of the currency, because it could not afford to directly declare bankruptcy of more than 450 million US dollars, and the Japanese court is still liquidating it. Another exchange that was also involved in compensation by the court was the Italian exchange BitGratil. Public information showed that the Italian court confiscated the personal property of its founder to pay for the loss of users.

But this is not the most "reliable" way. After the court intervenes, the user still has the possibility of getting compensation. In addition, there are 4 exchanges with unpaid losses, namely BTER, Coinsecure, DragonEx, and Bithumb; the two exchanges claim to be paid in full but no follow-up reports prove that they have been repaid, and are temporarily unknown, namely Bitcoinica and Cryptopia.

In addition, the reimbursement methods of the two types of routines are also shown in the public information. In August 2016, Bitfinex stole 119,756 bitcoins and forced all users of the platform to share a total loss of more than $69 million. In June 2018, Coinrail did not pay the user's losses after being stolen, including ETH, NPXS, ATX, DENT and other parts of the virtual currency. Instead, it was issued by the token to choose whether to pay compensation. According to reports, DENT’s issuance has been announced. Full compensation.

Only three of the 18 exchanges that have experienced the piracy incident have closed, two are in the process of bankruptcy, and the remaining 13 are all operating normally. Not only do big companies like Binance and Coincheck can afford tens of millions of dollars or even hundreds of millions of dollars, but they still operate normally after multiple attacks like Bithumb and Biter BTER. The exchange controls the flow of the currency, shares the dividends brought by the cryptocurrency economy, and has indeed earned a lot of money. These exchanges may be more valuable and more resistant to risks than many people think.

Hacking the platform hot wallet is the most common

According to the public data and simple induction, PAData can find that hackers invade the platform hot wallet by obtaining private keys and malicious code. This is the most common attack method. 11 out of 26 times may be this way.

For example, in June 2018, Bitfinex was stolen 119,756 bitcoins because hackers avoided multiple signatures and invaded the platform hot wallet; in June 2018, the Korean cryptocurrency exchange Bithumb and Coinrail’s stolen money incidents were investigated by the Ministry of Science, Technology and Information Technology of Korea. It was later confirmed that the hacker attacked the hot wallet of the exchange through malicious code; on March 24, 2019, DragonEx officially announced that the money piracy incident was caused by hacking of the platform wallet.

In addition, the number of successful hackers who have obtained attacks after obtaining user data is also high. A total of 8 out of 26 exchange piracy incidents are caused by this reason. After Binance was stolen, PeckShield confirmed that the hacker's attack method was to collect the customer's account information by means of phishing, and then use 71 accounts to send APIs to implement the coin operation.

Binance's previous two security incidents of stolen money were also due to the hacker's access to the user's API Key. The hacker hacked the API key of some Binance users through the unicode phishing URL and then invaded the Binance exchange through the API interface. In addition, Bitcoinica, Bithumb, Cryptopia and BiKi.com have also suffered such attacks.

In addition, there have been DDoS attacks, fraudulent transactions, and exploit code vulnerabilities.

Fishing, crashing into the library… The Internet Black Legion has moved to the digital currency field, trying to get the private key of the big family or the exchange password. Some hackers have predicted that the black chain for digital currency will be completely formed in the second half of 2018. Most of the currency people will be in a security crisis.

"There is a saying in the hacker circle that the $1 million price can break all the security solutions of all the websites, and it can't prevent them from being broken." Zhao Dong, founder of DGroup, said on Weibo. For the deep-seated retail investors, the only thing that can be done is to look at your digital wallet and prevent website phishing. PANews has previously written an anti-phishing guide for readers' reference.

the data shows:

[1] The exchange security incidents collected this time are based on the security incidents officially recognized by the exchange, that is, the security incidents that the exchange does not recognize as hacking are not counted in the statistics. The other criteria for obtaining the dimensional data are: if there is The official announcement is subject to the official announcement. If there is no official announcement, the news published by well-known security companies such as PeckShield will prevail. If the above reliable sources do not provide valid information, then refer to other media reports. In this case, PAData will compare the reports from two or more different sources. If the data is biased, in the media (traditional media> portal Website>Mainstream industry vertical media, other media sources are not considered. Most recent reports are subject to the latest. Despite this, considering that the blockchain is still a niche area (lack of mainstream media coverage), industry media has the possibility of learning from each other, so the possibility of a small amount of deviation in the data is not excluded.

[2] If the attack occurs, the real-time currency price is recorded as the closing price of the day on CoinMarketCap. If the date of the attack is not testable, this may be because the comparison has not been reported earlier, or it may be because of the attack time. For consecutive days, the real-time currency price is recorded as the average of the closing price of the month on CoinMarketCap. Among them, Bitcoin's currency price data before April 2013 is missing in CoinMarketCap. For this part of the data, refer to BitInforCharts. CoinMarketCap's data is still used in the case of missing bitcoin price. Considering that other small currency currencies are not available in BitInforCharts, this method is used to maximize the price source. If no specific loss is announced, it is recorded as 0. The real-time estimated loss based on this currency calculation method is an estimated value, expressed as E.