⭐ Merited by Tytanowy Janusz (2)
Oświadczenie Binance:
https://www.binance.com/en/support/articles/360006675312
Jest mowa o kradzieży kluczy do API. (zgodzę się, nie jest to wina Binance).
Nie ma mowy o tym, że Binance wykryło kradzież kluczy w sposób automatyczny aczkolwiek mogło wykryć niecodzinne zachowanie (najzwyklejsze w świecie 'anomaly detection'). Jasne, można skanować np Github w czasie rzeczywistym w poszukiwaniu commitow z danymi prywatnymi aczkolwiek klucze zostaly wykradzione podejrzewam poprzez man in the middle attack.
https://www.hodlbot.io/blog/a-thorough-investigation-of-the-binance-hack
Binance CEO:
Security Expert:
http://www.cs.cornell.edu/people/egs/
Cytując z:
https://www.hodlbot.io/blog/binance-hack
FUNDS ARE SAFU
https://www.binance.com/en/support/articles/360006675312
Jest mowa o kradzieży kluczy do API. (zgodzę się, nie jest to wina Binance).
Nie ma mowy o tym, że Binance wykryło kradzież kluczy w sposób automatyczny aczkolwiek mogło wykryć niecodzinne zachowanie (najzwyklejsze w świecie 'anomaly detection'). Jasne, można skanować np Github w czasie rzeczywistym w poszukiwaniu commitow z danymi prywatnymi aczkolwiek klucze zostaly wykradzione podejrzewam poprzez man in the middle attack.
https://www.hodlbot.io/blog/a-thorough-investigation-of-the-binance-hack
Binance CEO:
Quote
"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.
Security Expert:
Quote
Binance knows that they lost user credentials, that their users' 2FA got compromised, they do not know the exact extent of the attack, yet they keep trading going, says Emin Gün Sirer, a computer scientist and codirector of Cornell Universitys Initiative for Cryptocurrencies and Contracts. This is a huge risk. Anyone can take highly risky positions, and if the trades turn sour, they can claim that it wasn't them, they were compromised by the hack.
http://www.cs.cornell.edu/people/egs/
Cytując z:
https://www.hodlbot.io/blog/binance-hack
Quote
"Security Breach Without API Keys Being Compromised
This one is more likely. Rumour has it 700 accounts with withdrawal access were compromised. No one has come forward saying that their account was hacked. Since passwords and 2FA were compromised, youd imagine Binance would ask users to reset their personal information. At the same time, If API keys were not compromised, why would Binance reset API keys?
Attackers are still in control of many accounts that Binance does not know about
Its possible. Binance reset API keys, but hackers could still have access to a bunch of accounts via stolen personal information.
This one is more likely. Rumour has it 700 accounts with withdrawal access were compromised. No one has come forward saying that their account was hacked. Since passwords and 2FA were compromised, youd imagine Binance would ask users to reset their personal information. At the same time, If API keys were not compromised, why would Binance reset API keys?
Attackers are still in control of many accounts that Binance does not know about
Its possible. Binance reset API keys, but hackers could still have access to a bunch of accounts via stolen personal information.
FUNDS ARE SAFU