Cryptocurrency exchange Binance has confirmed a “large scale” data breach in which hackers stole more than $40 million in cryptocurrency.
— The Hacker News (@TheHackersNews) May 8, 2019
Jake Moore, Cyber Security Specialist at ESET:
“This announcement could have a damaging effect on cryptocurrencies. After the rise and fall of crypto in 2017, people have exercised caution when it comes to digital currencies, so this could dramatically affect the volatility of the currency if people question the security of their finances. It seems to be a very well thought out and targeted attack with a damming outcome for all involved, so it goes without saying that everyone with a Binance account should change their API keys and two-factor authentication methods. Fortunately, those who have been affected will be reimbursed, but who knows how long they will remain customers.”
lia Kolochenko, Founder and CEO at ImmuniWeb:
“Technical details of the breach still remain obscure and it would be premature to make any conclusions at this point of time.
Today, all cryptocurrency-related businesses should be well prepared to defend against constant and sophisticated cyber attacks. In reality, however, virtually all of them underestimate or ignore digital risks and allocate scant resources for cybersecurity. Most have to compete on a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.
To bring certainty to the cryptocurrency markets clear regulatory standards are required, such as is PCI and PA DSS. Even if they are not a silver bullet, they greatly reduce both the number and average volume of credit cards theft.”
David Warburton, Senior Threat Research Evangelist EMEA at F5 Networks:
The Binance cryptocurrency hack demonstrates how social engineering is fast becoming a critical business threat. There are many avenues for cybercriminals to get their hands on credentials these days, including the use of false emails, exploiting weak network or application security, and even searching social media for clues. Phishing is now one of the easiest mechanisms for attackers to deploy, with recent F5 research indicating that it is the root cause of almost half of all breached records.
Although this particular hack only accounted for 2% of Binance’s total cryptocurrency assets, it is incredibly damaging to leave unsecured paths to critical data (or in this case hot wallets). More than ever, it is important for organisations to take the right steps and mitigate risk. Key tactics should include running penetration tests to gauge system susceptibility, as well as ongoing employee education efforts to promote responsible social media behaviours and phishing risk awareness. As ever, this should be supported by regularly evaluating networks and applications.