3FA TO STOP EXCHANGE HACKS

  • Proposal of new generation of secure authentication 3FA can reduce and maybe stop cryptocurrency exchange robberies
    During 2019 there was a hack that hit the world’s biggest cryptocurrency exchange, Binance. This showed the need for more secure system in the crypto space.

    We got information of this even by Wired: look at wired this was loarge scale security breach, during which hackers managed to steal over 7000 bitcoins and while doing it they managed to get some of two factor authentication codes and passwords and API takens. This is one of many stealings that happen every year so thousands of bitcoin are lost.

    Let’s analyze why high quality hackers are targeting cryptocurrencies as a place the profit. It’s obvious that main reason tit that they get in a couple of steps money.

    Biance published that all 7000 are only 2% of their reserves that make total stash 350 000 bitcoins and this is very tempting target. And this was only in hot wallet stash that was hacked.

    Positive developments is that Bince didn’t try to hide this hack but they were transparent and announced on the same day what have transpired. This is showing maturity of crypto marketing and is generally a good thing.

    Positive developments is that Bince didn’t try to hide this hack but they were transparent and announced on the same day what have transpired. This is showing maturity of crypto marketing and is generally a good thing.

    This hack was done by using a variety of techniques, including phishing viruses and other attacks, Biance CEO Zhao Changpeng posted that: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.” We also know that no customer will suffer losses as Biance has self-insurance fund form 2018 were 10% of all transaction fees foes in separate cold wallet.

    How did it all happen? Biance has the current state of the cybersecurity art in place. So attackers probably used password stolen in phishing attack. Other possibility is they exploited some combination of vulnerabilities

    To find out more about spear phishing look at csoonline usualy this atack is aganst high value individuals and business es email compromise FBI report says situation is getting worse day by day. Phishers are now targeting Crypto companies also, The whole hack of bianca could be that employee was tricked and gave passwort by an email ruse. It should have been phishing plus fileless malware or an APT. And it could happen from many directions as attack surface is big at this king of global IT network.

  • Let’s triple our system of security
    It has been shown that 2FA is week in combination with SMS, it’s possible to ‘port’ phone number in order to receive SMS text messages that are used in 2FA systems. This means this systems aren't secure and approach need to be changed. There is possibility to make apps that will protect company even if employee phone is stolen or “ported”, we think therefore we should introduce three factorr authentication (3FA).

    Criteria is simple two things employees should be supplied with, and one thing needs to re memorised know:
    • 1) an authentication app on phone by which he will access the network, exchange employees should be required to use on their phone,
    • 2) a certificate on their computer to access the corporate VPN, and
    • 3) a password


    Now criminals phisher attack get a password from exchange worker or maybe using brute force they break, they still can not getting in the system. We also have option to revoke certificates.

    Now we have failsafe even if hacker find out password and manage to compromise one of devices, that still isn’t enough to pass all three factors. Now needed is to break all three factors to enter the system.

    This proposal will put an extra burden on employees, but having a certificate on the computer will not take much effort and employee with important roles could bare more burden as their systems are mission critical.


Prev Next