Chengdu Lianan: The loss of 7000 bitcoins, detailed analysis of Binance hot wallet theft incident

成都链安
5 years ago
Security makes the difference between life and death for cryptocurrencies.

7,000 Bitcoins Stolen from Binance. This article is from the security team of Chengdu Lianan Technology, reproduced by Odaily with authorization.

The well-known cryptocurrency exchange Binance has been hacked, and 7074.18 bitcoins have been stolen so far.

According to information disclosed by Binance CEO Changpeng Zhao, the exchange discovered a large-scale security breach on May 7 that allowed hackers to gain access to users' application programming interface keys (API keys), two-factor authentication codes, and other information. According to one transaction published in the security notice, hackers removed approximately $41 million worth of bitcoin from the Binance exchange.

For this attack, the security team of Beosin Chengdu Chain Security Technology conducted an in-depth analysis:

Detailed withdrawal address

So far, about 7000 BTC has been stolen from the Binance hot wallet (address: 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s).

Binance's hot wallet balance is now 3,612.69114593 BTC, indicating that the private key of Binance's hot wallet is safe.

According to our team's analysis, the withdrawal operations were initiated at the same time, at 01:17:18 on May 08, through the API interface.

An API key and a Secret key are generated when a user applies for API access on the Binance exchange, as shown in the figure below:

The API settings let users turn on IP restrictions and turn on the withdrawal function. Open cash withdrawal means direct use

As shown below:

The official call code demo for the API is as follows (from https://github.com/binance-exchange/python-binance):

Our preliminary analysis is that the attack was caused by the leakage of users' API key and Secret key information.

If a user has not restricted the key by IP and has enabled the withdrawal function, any attacker who obtains the API key and Secret key can carry out the attack.
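A defender-side sketch of the two conditions described above, added here as an example (not code from the article or from Binance): it scans withdrawal records for several accounts withdrawing through the API within seconds of each other using keys that have no IP restriction. The record layout, field names, thresholds and the sample log are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical record layout for illustration; not Binance's log format.
Withdrawal = namedtuple("Withdrawal", "ts account channel ip_restricted amount_btc")

# Constructed sample: timestamp, account, channel, key IP setting, amount (BTC).
SAMPLE_LOG = """\
2019-05-08T01:02:10 acct-001 web ip_restricted 0.5
2019-05-08T01:17:18 acct-104 api unrestricted 120.0
2019-05-08T01:17:18 acct-233 api unrestricted 95.5
2019-05-08T01:17:19 acct-377 api unrestricted 210.25
2019-05-08T01:17:19 acct-512 api ip_restricted 3.0
2019-05-08T01:40:00 acct-104 api unrestricted 1.0
2019-05-08T02:05:44 acct-640 api unrestricted 2.0
"""

def parse(line):
    ts, account, channel, restricted, amount = line.split()
    return Withdrawal(datetime.fromisoformat(ts), account, channel,
                      restricted == "ip_restricted", float(amount))

def find_bursts(events, window_s=5, min_accounts=3):
    """Clusters where >= min_accounts distinct accounts withdrew through the
    API, using keys with no IP restriction, within window_s seconds."""
    risky = sorted((e for e in events
                    if e.channel == "api" and not e.ip_restricted),
                   key=lambda e: e.ts)
    window = timedelta(seconds=window_s)
    bursts, i = [], 0
    while i < len(risky):
        j = i
        while j + 1 < len(risky) and risky[j + 1].ts - risky[i].ts <= window:
            j += 1
        cluster = risky[i:j + 1]
        accounts = sorted({e.account for e in cluster})
        if len(accounts) >= min_accounts:
            bursts.append({"start": cluster[0].ts, "accounts": accounts,
                           "total_btc": sum(e.amount_btc for e in cluster)})
            i = j + 1  # skip past the reported cluster
        else:
            i += 1
    return bursts

EVENTS = [parse(l) for l in SAMPLE_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for burst in find_bursts(EVENTS):
        print(burst)
```

Isolated API withdrawals and the IP-restricted key in the same second are ignored; only the cross-account cluster is reported.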

The channels through which users' information may have leaked include:

  • Ordinary users generally do not use the API key; it is mostly advanced users who use it for automated trading in code. A leak of a user's source code may have led to the leak of the API Secret key.

  • The user was phished, and the API key and Secret key they entered were intercepted by hackers.

  • The computer where the user's API key and Secret key were saved was attacked and the keys were stolen.

  • Users' API keys and Secret keys were leaked through the Binance exchange system; only 71 users had opened the withdrawal function, and their coins were stolen.

The main 20 addresses of the 7074 BTC stolen by hackers are as follows:

