The cause of the theft has been found: this is how 7074 bitcoins were lost.

At 8:28 on the morning of May 8, the well-known cryptocurrency exchange Binance admitted to being hacked again. As of this writing, 7074.18 bitcoins have been stolen.

The following is the security update announcement issued on the official Weibo account.

Binance founder Zhao Changpeng first disclosed details of the theft in an AMA. He said that the hackers had discovered security vulnerabilities in the system earlier, but waited very patiently until the system had a large transaction.

Live address:

https://www.pscp.tv/w/b6I-lTFQWEVkQlBQQlBsS2V8MW1yR212anBicUJKea09rHwXRK_mMqOZXufBTFd6iCrb7SjGYhQ4_QOvoDet

Zhao Changpeng also disclosed that Binance had discovered “a large-scale security vulnerability” in the early morning of May 7, which allowed hackers to access user API keys, two-factor authentication codes, and other information. According to a transaction announced in the security notice, the hacker took $4 million worth of bitcoin from the Binance exchange.

Security company: user API key and Secret key information may have leaked

Blockchain Base Camp contacted the Beosin (Chengdu Chain Security) technical security team immediately after the attack for an in-depth analysis of the incident. Readers, first the transaction details:

The incident occurred at block 575,013, with a total loss of 7,074 BTC, involving 44 addresses in total:

Detailed coin address

As of now, about 7074.18 BTC has been stolen from the Binance wallet (1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s).

At present, the balance of the Binance hot wallet is 3,612.69114593 BTC, which indicates that the hot wallet's private key is secure. According to the team's analysis, at 01:17:18 on May 08 the operations were initiated at the same time through the API interface.

An API key and Secret key are generated when a user applies for API access on the Binance exchange, as shown below:

The API settings let the user restrict access by IP address and enable withdrawals. With withdrawals enabled, the API key and Secret key alone are enough to withdraw funds; no verification code, SMS code or Google verification code is needed. As shown below:

The API portion of the official client demo code is as follows:

From https://github.com/binance-exchange/python-binance

Chengdu Chain Security's analysis concludes that the attack was caused by leakage of users' API key and Secret key information.

If a user has not restricted the IP and has enabled the withdrawal function, any attacker who obtains the API key and Secret key can carry out the attack.
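How the two settings interact on the server side, as an added example (not code from the original article or from Binance): a hypothetical withdrawal authorisation check, assuming HMAC-SHA256 request signing as used by the python-binance client. The `ApiKey` record, the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ApiKey:
    """Hypothetical server-side key record (not the exchange's real schema)."""
    secret: bytes
    can_withdraw: bool = False
    ip_allowlist: list = field(default_factory=list)  # CIDRs; empty = any IP


def sign(secret: bytes, query: str) -> str:
    """HMAC-SHA256 of the query string, hex encoded."""
    return hmac.new(secret, query.encode(), hashlib.sha256).hexdigest()


def authorize_withdrawal(key: ApiKey, query: str, sig: str, source_ip: str) -> str:
    """Return 'allow' or the reason the request is refused."""
    if not hmac.compare_digest(sign(key.secret, query), sig):
        return "deny: bad signature"
    if not key.can_withdraw:
        return "deny: withdrawals disabled for this key"
    if key.ip_allowlist:
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in ipaddress.ip_network(c) for c in key.ip_allowlist):
            return "deny: source IP not in allowlist"
    return "allow"


def exposure(key: ApiKey) -> str:
    """Rate what a leaked key/secret pair is worth to whoever holds it."""
    if not key.can_withdraw:
        return "low"
    return "medium" if key.ip_allowlist else "critical"


# Constructed sample data: the same leaked secret, two key configurations.
SECRET = b"constructed-example-secret"
QUERY = "asset=BTC&amount=1.5&address=EXAMPLE_ADDRESS&timestamp=1"
LEAKED_SIG = sign(SECRET, QUERY)  # anyone holding the secret can compute this
UNKNOWN_IP = "203.0.113.50"       # documentation range, not the owner's host

open_key = ApiKey(SECRET, can_withdraw=True)
pinned_key = ApiKey(SECRET, can_withdraw=True, ip_allowlist=["198.51.100.7/32"])

if __name__ == "__main__":
    for name, key in (("open", open_key), ("pinned", pinned_key)):
        print(name, exposure(key), authorize_withdrawal(key, QUERY, LEAKED_SIG, UNKNOWN_IP))
```

A valid signature proves only possession of the secret, so for the unrestricted key the IP allowlist is the one control that would have separated the owner from someone replaying leaked credentials.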

The paths by which a user's information could have leaked include:

1. Ordinary users generally do not use API keys; it is mostly advanced users who use code for automated trading, so a leak of the user's source code may have exposed the API Secret key.

2. The user was phished, and the API key and Secret key they entered were intercepted by the hacker.

3. The computer on which the user stored the API key and Secret key was attacked and the keys were stolen.

4. The Binance exchange system leaked users' API keys and Secret keys, of which only 71 users had the withdrawal function enabled and had coins stolen.

The 20 main addresses of the 7074 BTC stolen by the hackers are as follows:

Blockchain Base Camp also interviewed Wu Jiazhi, vice president of research and development at PeckShield. Wu believes that the theft can be analyzed at three levels: the exchange, account management systems, and individual users.

1. Exchange level: the probability is low. An example is the earlier Dragon Net incident, which was caused by customer service staff installing malware that then penetrated the internal network.

2. Account hosting: retail investors use this kind of software and hand their API credentials to an intermediary. Once the intermediary is infiltrated, a large number of API secrets may be obtained at one time, causing this kind of problem. The software's installation package may have been replaced at download, or the intermediary's server may have been breached.

3. Individual user's device: for example, a Trojan horse installed on a phone or computer obtains the API secret and 2FA authentication from the user's device.

Wu also said that he saw the 7074 BTC packaged into a single transaction whose main destinations were 20 new addresses. A situation like this could in fact trigger a risk control mechanism, such as limits on the amount withdrawn per unit of time and on the amount a new address can receive.
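The two risk controls named above (withdrawal volume per unit of time, and the amount a new address may receive), as an added sketch that is not from the article or from any exchange's code. The class, the thresholds and the sample batch are illustrative assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Withdrawal:
    ts: int            # seconds since epoch
    address: str
    amount_btc: float


class RiskControl:
    """Hypothetical hot-wallet limits; all thresholds are assumptions."""

    def __init__(self, known=(), window_s=3600, window_cap=500.0, new_addr_cap=50.0):
        self.known = set(known)      # addresses that have received funds before
        self.window_s = window_s
        self.window_cap = window_cap
        self.new_addr_cap = new_addr_cap
        self.recent = deque()        # (ts, amount) of approved withdrawals

    def check(self, w: Withdrawal) -> list:
        """Return the rules this withdrawal trips; an empty list means approve."""
        while self.recent and self.recent[0][0] <= w.ts - self.window_s:
            self.recent.popleft()    # drop approvals that left the time window
        reasons = []
        if sum(a for _, a in self.recent) + w.amount_btc > self.window_cap:
            reasons.append("window volume cap exceeded")
        if w.address not in self.known and w.amount_btc > self.new_addr_cap:
            reasons.append("new address above first-receipt cap")
        if not reasons:              # only approved withdrawals count toward limits
            self.recent.append((w.ts, w.amount_btc))
            self.known.add(w.address)
        return reasons


# Constructed sample batch: routine payouts plus one large payout to a new address.
BATCH = [
    Withdrawal(0, "known-1", 300.0),
    Withdrawal(60, "known-1", 300.0),
    Withdrawal(120, "new-1", 350.0),
    Withdrawal(4000, "known-1", 300.0),
]


def demo():
    rc = RiskControl(known={"known-1"})
    return [rc.check(w) for w in BATCH]


if __name__ == "__main__":
    for w, reasons in zip(BATCH, demo()):
        print(w.address, w.amount_btc, reasons or "approve")
```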

Let’s take a look at how the big names reacted

After the incident, Sun Yuchen, the founder of TRON, immediately posted a message: “No need to panic, everything is fine! I am willing to come up with the equivalent of 7000 BTC in dollars and put it into Binance.” Of course, the premise is that Zhao Changpeng agrees to it.

In fact, Zhao Changpeng said that he does not need it. "I really appreciate it, but I don't need it now. Binance will make up for the loss through the SAFU fund, and it is enough. We are just injured, not bankrupt."

And some people are not so friendly.

FCoin founder Zhang Jian does not think so. In response to the theft of 7000 bitcoins from Binance, he hopes that nobody will use the incident to attack others. It is bad for everyone, and a platform's reputation and other assets take time to accumulate.

Still, Binance bearing the cost of the "stolen BTC" itself is a very bold move!

It is believed that the theft of more than 7,000 BTC from Binance will inevitably lead to regulatory involvement, greater personal attention to privacy protection, and improvements to exchanges' risk control mechanisms. Blockchain Base Camp will continue to track the incident and publish further in-depth reports, so please stay tuned.

Edit | Page

Produced | Blockchain Base Camp
