On July 4, 2018, Binance was stolen 7,000 bitcoins; on May 8, 2019, it was stolen 7000 pieces the same means again!
Binance said that the security vulnerability is that hackers use a combination of technologies, including phishing, viruses and other means of attack, so that hackers can access a large number of user application interface keys (API keys), two-factor authentication code (2FA code), and other information, stealing 7,000 bitcoins from the Binance’s hot wallet at block height 575012. The exchange lost $41 million. Six hours after the incident, Binance announced that the hacker group used a combination of attack techniques, including phishing, viruses and other means of attack, to obtain a large number of users' API keys, Google to verify 2FA codes and other related information.
At 01:17:18 on May 8 th (Beijing time), the coin withdrawal operation was initiated at the same time through the API interface. The API key and Secret key will be generated after the API application of the Currency Exchange. The API interface has the functions of “Limiting User Open IP Limit” and “Open Cash withdrawal”. "Open withdrawal" refers to direct withdrawal using API key and Secret key, without the need for mobile phone verification code, SMS, Google verification code.
The preliminary analysis is considered to be the attack caused by the user's API key and Secret key information leakage. If the user does not limit the IP and configures the open cash withdrawal function, any attacker can obtain the API key and Secret key information to implement the attack.
There may be four ways for user's information leakage: ordinary users generally do not use the API key. Generally, advanced users use the code to implement automated transactions. The user source may leak the Secret key. The user is phishing and enters the API key and The Secret key was intercepted by the hacker; the user's API key and the Secret key saved the computer were attacked and stolen; the user's API key and Secret key were leaked due to the system of the currency security exchange system, and only 71 users opened the cash withdrawal function and were stolen coins.
Coin theft incidents occur frequently, where is the security of the encrypted assets?
The coin theft of Binance attracted a lot of people in the coin circle. For a time, the conspiracy theory of "malicious shorting" was rampant. No matter what kind of guess, there is no evidence. Sun Yuchen, the founder of TRON, which was called as a "rubbing king", said on Weibo that he was willing to deposit 7,000 BTC equivalent dollars in Binance to increase the holding of BNB and other currencies. As the voice just fell, the TRON currency rose and rose more than 7% in an hour.
However, CZ quickly rejected Sun Yuchen. "There is no need for financial support, Binance has not been bankrupt."
In addition to Sun Yuchen, Zhao Dong, the founder of DGroup, also supported Binance. He believes that it is difficult for an exchange so big as Binance to be hacked. In the eyes of professional hackers, as long as there is enough time, there is no platform that cannot be broken. If it is in other exchanges, it's likely to hide the matter.
The safety accidents of the exchange are not uncommon. On March 24 of this year, the Exchange's DragonEx wallet was hacked, resulting in the theft of digital assets of users and platforms, with losses exceeding $5 million. Previously, there were media reports that OKEx was suspected of being hit by a library attack and some user accounts were stolen.
Safety accidents occur frequently, and many investors question, "Why are there always security loopholes in such large exchanges?"
AJM leads blockchain 4.0, to solve the crisis of security trust with decentralization
The stolen incident of Binance once again shows that in a centralized world, people do not really control their own wealth, property security and privacy, and the value and domination are threatened at all times. Based on the fourth-generation blockchain technology, AJM surpasses the previous blockchain 3.0, which is more efficient and safe. AJM solves the trust problem between people with its own technical advantages, thus creating a more independent, free and democratic non- centralized financial system to solve the asset security problems caused by the centralization.
AJM is not only a single blockchain project, but also a collection of research results based on a blockchain-based distributed privacy Internet. It will play an important role in identity security, internet freedom, privacy socialization, decentralization of finance and business. It can be said that what AJM does is to rebuild a brand new, open Internet on distributed anonymous nodes, which will lead us to an unprecedented safe and free space.
AJM's initial functions are Resonance Trading, Trusted Stamp Network, Competition System, Information Network Broadcasting (AVD), Secret Chat, Anonymous Trading, Smart Contracts, Distributed OTC Trading, Super Master Node, Lucky Draw and Unique Smart Contract Design - - Blockchain merchant contract. All these functions echo, cycle and balance, which constitutes the strong internal structure of AJM in the early days. Its internal financial balance, community promotion, business docking, value precipitation and network expansion will subvert the concept behind the centralized business model.
AJM will work with enthusiasts of encrypted assets to share the dividends brought by the decentralized era!
Here are some related links for the AJM project.
AJM+ Global Website - ww w.worldajm. c om
AJM+ Business School (Mobile version) - ww w.ajmjt. C om
AJM+ Twitter - h t tps://twitter.com/AJM2019future
AJM+ official community
China - ht tps://t.me/ajmofficial_CN ht tps://t.me/ajmofficial_TW
United States - ht tps://t.me/ajmofficial_EN
Japan - ht tps://t.me/ajmofficial_JP
Russia - ht tps://t.me/ajmofficial_RU
Korea - ht tps://t.me/ajmofficial_KR
Vietnam - ht tps://t.me/ajmofficial_VN
Global Operations Center - ht tps://t.me/AJMCNEF
AJM+ White Paper (Chinese) - ht tp://ww w.worldajm. C om/zhongwenbaipishu.pdf
AJM+ White Paper (English) - ht tp://ww w.worldajm. C om/yingwen/AJM%20project%20whitepaper%E3%80%90EN%E3%80%91(2).pdf
AJM+ Youtube - ht t ps://w w w.youtube. c om/channel/UCHVxu_adkN6cTP6s3UImprw?view_as=subscriber
AJM+ Project Introduction (Chinese) - ht tp://w ww.worldajm. Co m/AJMgaibianshijiecn.pdf
AJM+ Project Introduction (English) - ht tp://w w w .worldajm. C om/yingwen/AJMgaibianshijieen.pdf
AJM+ APP Download (Chinese) - ht tp://ww w.worldajm. c om/zhongwen/xiazailiucheng.pdf
AJM+ APP Download (English) -ht tp://ww w.worldajm. c om/yingwen/AJM%20wallet%20download%20and%20install%20process.pdf -
AJM+ A letter to all mankind (Chinese) ht tp://w ww.worldajm. c om/zhongwen/yifengxin.pdf
AJM+ A letter to all mankind (English) ht tp://w w w.worldajm. c om/yingwen/An%20open%20letter%20from%20the%20Jewish%20saint%20JT%20to%20all%20mankind.pdf