Cyber Criminals Use Phishing Techniques In £31m Bitcoin Heist
Whilst blockchain technology, used in Bitcoin transactions, is supposed to be impervious to fraud, hackers have stolen £31 million worth of Bitcoin from Binance, a leading Bitcoin exchange platform.
In total, cyber criminals were able to plunder over 7,000 bitcoins during the heist.
The hackers were able to gain access to one BTC hot wallet, which gave them access to 2% of the company’s total BTC holdings. Binance have assured users that all other wallets are ‘secure and unharmed.’
Following the attack, deposits and withdrawals were suspended until an investigation had been completed.
How were hackers able to gain access to a number of user Application Programming Interface (API) keys, two-factor authentication (2FA) codes and, according to Binance, ‘potentially other info’?
Unfortunately, the answer is all too obvious: human error.
Although the hackers attacked the business on all fronts using a range of tactics from malware and ransomware to other attack techniques, they also used a multitude of phishing approaches to obtain the sensitive data they needed to successfully complete the attack.
Even this company, dealing with a technologically cutting-edge currency and using a fraud-proof digital ledger system, was vulnerable to the sophistication of social engineering methods and the persistence and resilience of phishing techniques.
A Binance statement read:
“The hackers were able to withdraw 7000 BTC in this one transaction. The above transaction is the only affected transaction. It impacted our BTC hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed.
“The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.
“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support.”
Matthew Hickey, Cyber Security Specialist at Hacker House, commented on the need for more robust financial regulation, claiming:
“Blockchain businesses will need to implement controls more commonly seen in the traditional banking sector if they are to win over consumers.
“Cyber-insurance is a common necessity today as identity theft, malware and cyber-attacks are frequently being performed against high-value blockchain and crypto-currency companies.”
Do your law firm and business have an adequate policy in place to deal with attacks and data breaches if and when they take place?