The cause of the theft has been found: this is how 7,074 bitcoins were lost

At 8:28 on the morning of May 8, the well-known cryptocurrency exchange Binance admitted that it had been hacked again. At the time of writing, 7074.18 bitcoins have been stolen.

The following is the security update announcement posted on the official Weibo account.

Binance founder Zhao Changpeng first disclosed details of the theft in an AMA. He said the hackers had discovered security vulnerabilities in the system earlier, but waited very patiently until the system had a large transaction.

Live address:

https://www.pscp.tv/w/b6I-lTFQWEVkQlBQQlBsS2V8MW1yR212anBicUJKea09rHwXRK_mMqOZXufBTFd6iCrb7SjGYhQ4_QOvoDet

In addition, Zhao Changpeng disclosed that Binance had discovered "a large-scale security vulnerability" in the early morning of May 7, which allowed hackers to access user API keys, two-factor authentication codes, and other information. According to a transaction published in the security notice, the hacker took $4 million worth of bitcoin from Binance.

Security company: user API key and Secret key information may have been leaked

Right after the attack, Blockchain Base Camp contacted the Beosin Chengdu Chain Security Technology security team, which carried out an in-depth analysis of the incident. Readers, first the transaction details:

The incident occurred at block 575,013, with a total loss of up to 7,074 BTC, involving a total of 44 addresses:

Detailed coin address

As of now, about 7074.18 BTC has been stolen from the Binance wallet (1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s).

At present, the balance of the Binance hot wallet is 3,612.69114593 BTC, which indicates that the private key of the hot wallet is secure. According to the team's analysis, at 01:17:18 on May 08 the withdrawal operations were initiated at the same time through the API interface.

The API key and Secret key are generated after a user applies for API access on the exchange, as shown below:

The API settings let the user restrict access by IP and enable withdrawals. With withdrawals enabled, funds can be withdrawn using the API key and Secret key alone; no verification code, SMS code or Google verification code is required. As shown below:

The API part of the official call code demo is as follows:

From https://github.com/binance-exchange/python-binance

Chengdu Chain Security's analysis is that the attack was caused by leakage of users' API key and Secret key information.

If a user has not restricted access by IP and has enabled the withdrawal function, any attacker who obtains the API key and Secret key can carry out the attack.

The paths by which a user's information may have been disclosed include:

1. Ordinary users generally do not use API keys; it is mostly advanced users who use them in code for automated trading. A leak of the user's source code may have exposed the API Secret key.

2. The user was phished, and the API key and Secret key they entered were intercepted by the hacker.

3. The computer on which the user stored the API key and Secret key was attacked and the keys were stolen.

4. The Binance exchange system leaked users' API keys and Secret keys; of these, only the 71 users who had enabled the withdrawal function had coins stolen.

The 20 main addresses that received the 7,074 BTC stolen by the hackers are as follows:

In addition, Blockchain Base Camp interviewed Wu Jiazhi, vice president of research and development at PeckShield. Wu believes the theft can be analyzed at three levels: the exchange, account management systems, and individual users.

1. The probability that the cause lies at the exchange level is low. An example of that kind is the previous Dragon Net event, which was caused by customer service staff installing malware that then penetrated the internal network.

2. Account hosting: retail investors use this kind of software and hand their API credentials to an intermediary. Once the intermediary is infiltrated, an attacker may obtain a large number of API secrets at one time, causing this kind of problem. The installation package of such software may have been replaced at download, or the intermediary's server may have been breached.

3. The third category is the individual user's device, for example a Trojan horse installed on a phone or computer that obtains the API secret and 2FA codes from the user's device.

Wu also said he saw that the 7,074 BTC was packaged into a single transaction, with 20 new addresses as the main destinations. A pattern like this could in fact trigger risk-control mechanisms, such as limits on the amount withdrawn per unit of time and on the amount a new address can receive.
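The two checks Wu mentions, a cap on withdrawals per unit of time and a cap on what a new address may receive, are sketched below as an added example; it is not code from the article, the exchange or PeckShield. The thresholds, the `RiskControl` and `Withdrawal` names, and the sample withdrawals are all assumptions constructed for illustration.

```python
from collections import deque, namedtuple

# Assumed policy values, chosen for illustration; not any exchange's real limits.
WINDOW = 3600            # seconds: the "unit of time" for the outflow limit
MAX_BTC_WINDOW = 500.0   # total BTC that may leave within one window
MAX_BTC_NEW_ADDR = 50.0  # most a never-before-seen address may receive at once
MAX_NEW_ADDRS = 5        # distinct new destination addresses allowed per window

Withdrawal = namedtuple("Withdrawal", "ts account dest btc")  # ts: unix seconds

class RiskControl:
    def __init__(self, known_addresses):
        self.known = set(known_addresses)  # destinations with prior history
        self.recent = deque()              # released (ts, btc, dest, is_new)

    def check(self, w):
        """Return the names of the violated rules; an empty list means release."""
        while self.recent and self.recent[0][0] <= w.ts - WINDOW:
            self.recent.popleft()          # expire entries outside the window
        is_new = w.dest not in self.known
        new_dests = {d for _, _, d, n in self.recent if n}
        reasons = []
        if sum(r[1] for r in self.recent) + w.btc > MAX_BTC_WINDOW:
            reasons.append("window_volume")
        if is_new and w.btc > MAX_BTC_NEW_ADDR:
            reasons.append("new_address_amount")
        if is_new and len(new_dests | {w.dest}) > MAX_NEW_ADDRS:
            reasons.append("new_address_count")
        if not reasons:                    # only released requests count later
            self.recent.append((w.ts, w.btc, w.dest, is_new))
        return reasons

def replay(withdrawals, known_addresses):
    """Run requests in time order; return (BTC released, held requests)."""
    rc, released, held = RiskControl(known_addresses), 0.0, []
    for w in sorted(withdrawals, key=lambda x: x.ts):
        reasons = rc.check(w)
        if reasons:
            held.append((w.dest, reasons))  # queue for manual review
        released += 0.0 if reasons else w.btc
    return released, held

# Constructed sample: one routine withdrawal, then a burst to 20 new addresses.
SAMPLE = [Withdrawal(0, "acct-a", "known-1", 2.0)] + [
    Withdrawal(100, f"acct-{i}", f"new-{i:02d}", 350.0) for i in range(20)]

if __name__ == "__main__":
    print(replay(SAMPLE, {"known-1"}))
```

Held requests never enter the window totals, so a burst that is stopped does not consume the allowance of legitimate users; splitting the same burst into smaller amounts runs into the new-address count instead.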

Let's take a look at how the big names reacted

After the incident, Sun Yuchen, the founder of Tron, immediately posted a message: "No need to panic, everything is fine! I am willing to put the USD equivalent of 7,000 BTC into Binance." Of course, the premise is that Zhao Changpeng agrees.

In fact, Zhao Changpeng said that he does not need it. "I really appreciate it, but I don't need it now. Binance will make up for the loss through the SAFU fund, and it is enough. We are just injured, not bankrupt."

And some people are not so friendly.

FCoin founder Zhang Jian does not think so. In response to the theft of 7,000 bitcoins from Binance, he said he hopes no one will use the theft to attack others. This is a bad thing for anyone, and a platform's reputation and other assets take time to accumulate.

Still, having Binance itself bear the full amount of the stolen BTC is a very bold move!

It is believed that the theft of more than 7,000 BTC from Binance will inevitably lead to regulatory involvement, more personal attention to privacy protection, and improvements to exchanges' risk-control mechanisms. Blockchain Base Camp will continue to track the incident and publish further in-depth reports; readers, please stay tuned.

Edit | Page

Produced | Blockchain Base Camp
