How hackers compromised Binance, last year's breakout exchange

By Leo Zhang

A summary published by Binance Support (below) details how the hackers compromised the exchange by accumulating user credentials over a long period of time.

Technical

Summary of the phishing and attempted stealing incident on Binance
(Binance Support)

"The hackers accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters."

Effects of a single unexpected PoW change
(Github, by JW Weatherman)

"Making a one-time change to proof of work would have different effects on different participants in the bitcoin ecosystem. Here we are assuming that concerns over centralization of mining power and the behavior of miners has created enough concern to justify a proof of work change in order to destroy the economic value of all existing specialized mining hardware."

Correct-by-construction Casper: binary consensus->sharding
(Vlad Zamfir)

"The correct-by-construction framework for generating consensus protocols is pretty cool…We were able to define lots of consensus protocols (including sharding!) without doing almost any extra analysis on a case-by-case basis!"

Adding "data loss protection" to eclair
(Medium, by ACINQ)

"One of the tricky things with Lightning is that you cannot easily backup a channel. Suppose you simply copy your node data, and later restart from this now outdated state; then you may broadcast what you think is the current commitment, which is actually a revoked commitment and you will be punished by your counterparty."

068: malware from outer space!
(Smashing Security)

Look-alike domains and visual confusion
(Krebs on Security)

"I wrote this post mainly because I wanted to learn more about the potential phishing and malware threat from look-alike domains, and I hope the information here has been interesting if not also useful. I don’t think this kind of phishing is a terribly pressing threat (especially given how far less complex phishing attacks seem to succeed just fine for now)."

News

Winklevoss twins say crypto exchange may offer more coins
(Bloomberg, by Joanna Ossinger and Nick Baker)

"The Winklevoss twins said their main 2018 goal for Gemini Exchange, the Bitcoin and Ethereum trading platform they run, is eyeing expansion to other tokens such as Bitcoin Cash and Litecoin."

Wyoming passes blockchain-friendly bills

Crypto miner Bitfarms to invest $193 million in Canadian Centers
(Bloomberg, by Camila Russo)

"Quebec-based Bitfarms said it entered into six hydropower purchasing agreements with generator Hydro-Sherbrooke, totaling 98 megawatts. By way of comparison, Hut 8 Mining Corp., a miner backed by billionaire investor Mike Novogratz, is working on a data center in Alberta that’ll have 42 megawatts of capacity by the end of the year."

Merrill Lynch charged with gatekeeping failures in the unregistered sales of securities
(SEC)

"The SEC’s order found that Merrill Lynch sold almost three million shares of Longtop Financial Technological Limited’s securities into the market despite red flags indicating that the sales could be part of an unlawful unregistered distribution. Ultimately, the distribution generated almost $38 million in proceeds for the overseas issuer and its affiliates."

Commentary

Diverging Paths
(KKR, by Henry H. McVey)

"While many of the conversations we are having with investors in the United States these days are championing the merits of more U.S.-centric strategies, this approach just does not seem to dovetail well with the way we are seeing the world from an asset allocation perspective, particularly after several back-to-back trips to Europe and Asia."

Commentary on the ICO phenomenon

Crypto-litigation updates: Weinstein and the Bitcoin
(Medium, by Stephen Palley)

"Virtual currencies like bitcoin are the latest “there’s no law!” echo chamber.[1] Coming as no surprise to lawyers who watch the space, there actually is, and case-law is starting to flow from judges presented with cases that address it."

Gigantic study of fake news online finds the enemy is humanity
(Gizmodo, by Rhett Jones)

"Analysis of users’ comments on news found that false stories inspired fear, disgust, and surprise, while true stories inspired anticipation, sadness, joy, and trust. Above all, surprise was the biggest reaction to false news, which leads Vosoughi to believe that fake news has more to do with human nature and its attraction to novelty than anything."

Nick Szabo on the nature of currency

Why these U.S. jobs numbers will be more revealing
(Bloomberg, by Mohamed A. El-Erian)

"All three evolutions are vital to longer-term economic well-being and financial stability. And while they all have been gaining traction, they’re also navigating market uncertainties about global trade relations and economic policy management."

Updates

Zcash is partnering with AirTM to bring more financial freedom to everyday Venezuelans and people in the developing world. (Medium)

Cardano released the IOHK Weekly Technical Report. (Cardano)

Stellar announced a special instance of SDF’s partnership grant program with Keybase. (Blog)
