The cause of the theft has been found: this is how 7074 bitcoins were lost.
At 8:28 on the morning of May 8, the well-known cryptocurrency exchange Binance admitted that it had been hacked again. At the time of writing, 7074.18 bitcoins have been stolen.
The following is the security update announcement posted on its official Weibo account.
Binance founder Zhao Changpeng first disclosed details of the theft in an AMA. He said the hackers had discovered security vulnerabilities in the system earlier, but waited very patiently until the system had a large transaction.
Zhao Changpeng also disclosed that Binance had discovered "a large-scale security vulnerability" in the early morning of May 7, which allowed hackers to access user API keys, two-factor authentication codes, and other information. According to a transaction published in the security notice, the hacker took $4 million worth of bitcoin from the Binance exchange.
Security company: user API key and Secret key information may have leaked
Following the attack, Blockchain Base Camp immediately contacted the Beosin (Chengdu Chain Security) security team, which conducted an in-depth analysis of the incident. Friends, let's first look at the transaction details:
The incident occurred at block 575,013, with a total loss of 7,074 BTC, involving a total of 44 coin addresses:
Detailed coin address
As of now, about 7074.18 BTC has been stolen from the Binance wallet (1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s).
At present, the Binance hot wallet still holds a balance of 3,612.69114593 BTC, which indicates that the hot wallet's private key is secure. According to the team's analysis, at 01:17:18 on May 8 the coin operations were all initiated at the same time through the API interface.
An API key and Secret key are generated after a user applies for API access on the Binance exchange, as shown below:
The API settings let the user enable IP restrictions and enable withdrawals. With withdrawals enabled, the API key and Secret key can be used directly to withdraw funds, with no verification code, SMS code or Google verification code required, as shown below:
The API part of the official call code demo is as follows:
Chengdu Chain Security's analysis concludes that the attack was caused by leaked user API key and Secret key information.
If a user does not restrict IP addresses and has enabled the withdrawal function, any attacker who obtains the API key and Secret key can carry out the attack.
The user's information may have leaked through the following paths:
1. Ordinary users generally do not use API keys; they are mostly used by advanced users whose code performs automated trading, so a leak of the user's source code may have exposed the API Secret key.
2. The user was phished, and the API key and Secret key they entered were intercepted by the hacker.
3. The computer on which the user stored the API key and Secret key was attacked and the keys were stolen.
4. The Binance exchange system leaked users' API keys and Secret keys; of these, only the 71 users who had enabled the withdrawal function had coins stolen.
The 20 main addresses that received the 7074 BTC stolen by the hackers are as follows:
In addition, Blockchain Base Camp interviewed Wu Jiazhi, vice president of research and development at PeckShield. Wu believes the theft can be analyzed at three levels: the exchange, account management systems, and individual users.
1. The exchange level has a low probability. For example, the earlier Dragon Net incident was caused by customer service staff installing malware, which was then used to penetrate the internal network.
2. Account hosting: software of this kind, used by retail investors, hands the API credentials to an intermediary. Once the intermediary is compromised, a large number of API secrets may be obtained at once. This can happen if the installation package is replaced when the software is downloaded, or if the intermediary's server is breached.
3. The third category is an individual user's device, for example a Trojan installed on a phone or computer that obtains the API secret and 2FA codes from the user's device.
Wu also said that the stolen 7074 BTC was packaged into a single transaction whose main destinations were 20 new addresses. This pattern could in fact trigger risk control mechanisms, such as limits on the amount withdrawn per unit of time and on the amount a new address can receive.
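The two risk-control limits described above, shown as an added example that is not from the original article or from any exchange's code: a cap on the amount withdrawn per account per unit of time, and a cap on the amount a new address can receive. The class name, thresholds and sample withdrawals are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from decimal import Decimal


class WithdrawalRiskControl:
    """Holds withdrawals that break a per-window cap or a new-address cap."""

    def __init__(self, window_s=3600, window_cap="10", new_addr_cap="2"):
        self.window_s = window_s                    # length of the "unit time" in seconds
        self.window_cap = Decimal(window_cap)       # assumed max BTC per account per window
        self.new_addr_cap = Decimal(new_addr_cap)   # assumed max BTC to a never-used address
        self.approved = defaultdict(deque)          # account -> deque of (ts, amount)
        self.known = defaultdict(set)               # account -> addresses already paid

    def check(self, account, address, amount, ts):
        amount = Decimal(amount)
        recent = self.approved[account]
        while recent and ts - recent[0][0] >= self.window_s:
            recent.popleft()                        # drop approvals outside the window
        reasons = []
        if sum(a for _, a in recent) + amount > self.window_cap:
            reasons.append("window_cap")
        if address not in self.known[account] and amount > self.new_addr_cap:
            reasons.append("new_address_cap")
        if reasons:
            return "hold", reasons                  # held for review; not recorded as approved
        recent.append((ts, amount))
        self.known[account].add(address)
        return "allow", reasons


# Constructed sample: (account, destination, BTC amount, timestamp in seconds)
SAMPLE = [
    ("u1", "addr-A", "1.5", 0),     # small first payment to a new address
    ("u1", "addr-A", "5", 60),      # known address, within the window cap
    ("u1", "addr-B", "3", 120),     # new address above the new-address cap
    ("u1", "addr-A", "4", 180),     # would push the hour's total past the cap
    ("u1", "addr-A", "4", 3700),    # earlier approvals have aged out
]


def run_sample():
    rc = WithdrawalRiskControl()
    return [rc.check(*row) for row in SAMPLE]


if __name__ == "__main__":
    for row, decision in zip(SAMPLE, run_sample()):
        print(row, "->", decision)
```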
Let's take a look at how the industry's big names reacted
After the incident, TRON founder Sun Yuchen immediately posted a message: "No need to panic, everything is fine! I am willing to put US dollars equivalent to 7000 BTC into Binance." Of course, the premise is that Zhao Changpeng agrees to this.
In fact, Zhao Changpeng said that he does not need it. "I really appreciate it, but I don't need it now. Binance will make up for the loss through the SAFU fund, and it is enough. We are just injured, not bankrupt."
And some people are not so friendly.
FCoin founder Zhang Jian does not think so. Responding to the theft of 7000 bitcoins from Binance, he said he hopes nobody will use the theft to attack others. It is a bad thing for those affected, and a platform's reputation and other strengths take time to accumulate.
However, Binance is bearing the full amount of the "stolen BTC" itself, which is also a very bold move!
It is believed that the theft of more than 7,000 BTC from Binance will inevitably lead to regulatory involvement, more personal attention to privacy protection, and improvements to exchanges' risk control mechanisms. Blockchain Base Camp will continue to track the incident and publish further in-depth reports, so friends, please stay tuned.
Edit | Page
Produced | Blockchain Base Camp