On May 7th, unknown attackers penetrated one of the most popular crypto-exchanges and stole 7,070.9 bitcoin from its hot wallet.
At that time, a tweet by CZ Binance said:
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ Binance (@cz_binance) May 7, 2019
Four hours later, on May 8th, Changpeng Zhao, Binance's founder, had to announce the hard truth:
Not the best of days, but we will stay transparent. Thank you for your support! https://t.co/Y1CQOatEpi
— CZ Binance (@cz_binance) May 7, 2019
The official incident report by Binance said:
The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.
It also said that the SAFU fund would cover the incident, so there would be no harm to user funds.
According to a tweet by Larry Cermak (@lawmaster), it was the sixth largest hack in history so far, and the total amount stolen from all exchanges amounts to $1.35 billion.
A YouTube blogger called ChicoCrypto said that in July 2018 the exchange suffered its first attack, with striking resemblances to this one: a tiny amount of SYS/BTC was purchased, then about 7,000 BTC was stolen, as happened this year.
He also pointed to a shocking fact about this latest attack: the coins were withdrawn in multiples of about 500 BTC.
That is rather odd, because Binance has three levels of security for customers. Level 1, unverified accounts, has a daily withdrawal limit of 28 BTC. Level 2 is verified (passport or identity card, address, phone and more); these accounts have daily limits of roughly 100 BTC. Higher withdrawals require a third level, which is only granted after confirmation by Binance.
So how did the robbers manage to break the withdrawal limits and get their hands on that huge amount of coins?
Also puzzling is that the hackers tried to move the funds through SegWit addresses. According to ChicoCrypto, Binance still does not support SegWit, which is why the funds sat almost unmoved for hours. They finally started to move at about 1 p.m. on May 8, as shown by the Coinfirm analysis…
— Coinfirm (@Coinfirm_io) May 8, 2019
… to finally land in seven addresses:
After we documented the movement of some yesterday (orange), all of the funds 7070.9 BTC ($41.8m) were moved to 7 new addresses (red) pic.twitter.com/4vzVFRb7F4
— Coinfirm (@Coinfirm_io) May 9, 2019
So what are the chances of the hackers getting away with it?
This is like robbers walking into a bank and moving the money while everybody is watching, and everybody knows their addresses, or at least their wallet addresses, although not their identities:
- bc1q2rdpyt8ed9pm56u9t0zjf94zrdu6gufa47pf62 1060 BTC
- bc1qx3628eh9tdnm0uzculu8k6r2ywfkc5zns2hp0k 1060 BTC
- bc1qnf2ja3ffqzc3hskanjse6p8zag52fm6jgmmg9u 1060 BTC
- bc1qw7g5uxxl750t0h2fh9xajwuxp4qt634yh3vg5q 1060 BTC
- 16SMGihY94H8UjRcxwsLnDtxRt7cRLkvoC 1060 BTC
- 1MNwMURYw1LkPnnpda2DQkkUsXXeKL9pmR 1060 BTC
- bc1q3a5hd36jrqeseqa27nm40srkgxy8lk0v0tpjtp 707 BTC
These addresses have been reported, so how will they move their funds? This is a case of a fox hunted by dogs. If you follow CZ Binance's account, you'll see lots of experts analysing the transactions and investigating the paths the money took: AMLT Token & Network, Coinfirm, TokenAnalyst and others.
One of the main players in the hacking industry, John McAfee, offered to help solve the mystery, bringing his 51+ years of experience in the field to hunt and chase them, and later asked his competitor Eugene Kaspersky to join the chase.
With all this intelligence pointed at the thieves, how will they anonymise their stolen coins?
As we know, BTC transactions are recorded on a public ledger; that is why we know these seven wallet addresses. No protocol exists to make them anonymous. These seven addresses are watched by hundreds of eyes, and exchanges have even been asked not to accept BTC coming from these wallets.
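The request that exchanges refuse coins from the seven reported addresses amounts to a watchlist check on incoming deposits. The following Python is an added example, not code from the article or from Binance or any of the analysts named above: it normalizes the reported addresses (bech32 "bc1q" addresses are case-insensitive, legacy base58 addresses are not), verifies the BIP173 bech32 checksum of the SegWit entries so a mis-transcribed watchlist entry is caught before it silently never matches, and screens constructed sample deposits against the list. The sample transactions, their txids and amounts are made up for the example; the watchlist entries are the addresses listed above.

```python
# Added example (not from the article): screen incoming deposits against a
# watchlist of flagged addresses, the kind of check an exchange would run
# after being asked not to accept coins from the seven reported addresses.
# Native SegWit "bc1q" entries are also checked against the bech32 (BIP173)
# checksum so that a typo in the watchlist is caught early.

BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

# The seven addresses as reported in the article (one bc1q entry upper-cased
# in the original write-up; normalize() takes care of that).
REPORTED_ADDRESSES = [
    "bc1q2rdpyt8ed9pm56u9t0zjf94zrdu6gufa47pf62",
    "Bc1qx3628eh9tdnm0uzculu8k6r2ywfkc5zns2hp0k",
    "Bc1qnf2ja3ffqzc3hskanjse6p8zag52fm6jgmmg9u",
    "bc1qw7g5uxxl750t0h2fh9xajwuxp4qt634yh3vg5q",
    "16SMGihY94H8UjRcxwsLnDtxRt7cRLkvoC",
    "1MNwMURYw1LkPnnpda2DQkkUsXXeKL9pmR",
    "bc1q3a5hd36jrqeseqa27nm40srkgxy8lk0v0tpjtp",
]


def _bech32_polymod(values):
    """BIP173 checksum polynomial over a sequence of 5-bit values."""
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _hrp_expand(hrp):
    """Expand the human-readable part ("bc") as BIP173 specifies."""
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def bech32_verify(addr):
    """True if addr is a well-formed bech32 string with a valid checksum.
    Mixed-case strings are rejected, as BIP173 requires."""
    if addr.lower() != addr and addr.upper() != addr:
        return False
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in BECH32_CHARSET for c in data):
        return False
    values = [BECH32_CHARSET.index(c) for c in data]
    return _bech32_polymod(_hrp_expand(hrp) + values) == 1


def address_type(addr):
    """Classify a mainnet address by its prefix (format only, no validation)."""
    if addr.lower().startswith("bc1q"):
        return "native-segwit-v0"
    if addr.startswith("1"):
        return "legacy-p2pkh"
    if addr.startswith("3"):
        return "p2sh"
    return "unknown"


def normalize(addr):
    """Canonical form for matching: bech32 is case-insensitive, base58 is not."""
    return addr.lower() if addr.lower().startswith("bc1") else addr


def build_watchlist(addresses):
    """Normalize flagged addresses and report bech32 entries whose checksum fails."""
    watch, bad = set(), []
    for a in addresses:
        n = normalize(a)
        if n.startswith("bc1") and not bech32_verify(n):
            bad.append(a)
        watch.add(n)
    return watch, bad


def screen_transaction(tx, watchlist):
    """Return the watched addresses that appear among the inputs of tx, sorted."""
    return sorted({normalize(a) for a in tx["inputs"]} & watchlist)


# Constructed sample deposits (not real transactions).
SAMPLE_TXS = [
    {"txid": "deposit-001",
     "inputs": ["BC1Q3A5HD36JRQESEQA27NM40SRKGXY8LK0V0TPJTP"],  # reported address, upper-cased
     "amount_btc": 12.5},
    {"txid": "deposit-002",
     "inputs": ["bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"],  # BIP173 example address
     "amount_btc": 0.3},
]

WATCHLIST, INVALID_ENTRIES = build_watchlist(REPORTED_ADDRESSES)

if __name__ == "__main__":
    for a in INVALID_ENTRIES:
        print("watchlist entry fails bech32 checksum, re-check transcription:", a)
    for tx in SAMPLE_TXS:
        hits = screen_transaction(tx, WATCHLIST)
        print(tx["txid"], address_type(tx["inputs"][0]), "HOLD" if hits else "ok", hits)
```

The first sample deposit is held because its input, although written in upper case, normalizes to one of the reported bc1q addresses; the second, spending from the BIP173 example address, passes. Screening only the immediate inputs is deliberately simple: a production check would walk back several hops, which is what the chain-analysis firms mentioned above do.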
It seems that these guys are in trouble because, although the first part of their plan went as they hoped, the second part needs some more steps.
Of course, there are ways to anonymise bitcoins: Bitcoin mixers, CoinJoin and obfuscation methods using Tor. Many work by centralising the coins, a state that is unsafe for the customers. Also, trying to make seven thousand coins anonymous is something I'd like to see.
Their real aim might be to buy a truly anonymous currency such as Verge (XVG) and then convert back to BTC in some other unknown wallet.
Will they make it? Will they get away with it?
Let’s wait and see…