Syscoin has been hit by an unusual hack that has manipulated the coin’s total supply. The attackers then sent the fraudulently generated coins to Binance and sold them, pushing the price of 1 SYS to as high as 96 BTC. The BTC they received was then withdrawn, prompting Binance to temporarily cease trading and to reset all APIs, which are believed to have facilitated the attack.
Syscoin Gets Pumped, Binance Gets Rekt
96 BTC ($600,000) is a lot of money to pay for anything, not least a single altcoin that normally retails for a few cents. The first signs that something was astir emerged on Tuesday evening (EST) when Syscoin noted that it had detected unusual activity on its blockchain. It was initially suggested that a block was mined that somehow created 1 billion new SYS. Given that the total supply is set at 888 million, this ought to have been impossible. It is now understood, however, that the attackers were simply moving the same 40 million SYS around, as reported by a member of the Syscoin team. As such, the attack was not a hack in the conventional sense of the word, even if the end result was the same.
In recent weeks, a number of blockchains have been compromised before the funds were sent to Binance to launder, but 51% attacks were usually used, as was the case with Zencash. Intriguingly, the Syscoin hack came just one day after blockchain security protocol Blue claimed that half of the top 50 cryptocurrencies were vulnerable to “destructive flaws”. It promised to make the information public, before claiming that it had delayed the release to allow exchanges to make security preparations.
Binance Cancels All APIs
When cryptocurrency is stolen or otherwise appropriated through mischievous means, Binance has become the preferred destination for culprits seeking to cash out. That’s because it’s one of the few high liquidity exchanges with no KYC, making it easy to withdraw coins anonymously. It is widely assumed that Binance will soon enforce KYC, not least to protect itself from attacks such as these. It has been claimed that as much as $50 million of BTC was withdrawn from Binance, but these reports are as yet unverified.
— CryptoTutor⚡️ (@CryptoTutor) July 3, 2018
Binance, for its part, has responded promptly to the hack, and communicated regularly with its users, as has been its trademark during times of crisis. Customers of the exchange woke up to the following email:
Binance CEO CZ promised a full post-mortem after the exchange re-enabled trading on Wednesday morning. In an incident recap, Binance has promised to rollback irregular trades and offer zero-fee trading to irregular trading. The exchange tweeted the news accompanied by the #SAFU hashtag, in reference to a rising crypto meme spawned by a previous CZ typo in which he assured users that “funds are safu”. In March, Binance was hit by a similar API-based attack, on that occasion using Viacoin. Using compromised APIs, the attackers set ridiculously high sell orders on the victims’ accounts, dump their illicitly obtained crypto on them and then cash out. Decentraland’s MANA cryptocurrency also soared dramatically on Binance in a move that’s believed to be linked to the Syscoin API attack.
Anatomy of a Hack
Telegram channel Whatblock has published what appears to be a fair summation of the Syscoin hack, writing:
1. [Hacker] spent a very long time collecting API keys through malware.
2. Look for a REALLY low liquidity shitcoin with an extremely thin order book on the ask side and find SYScoin.
3. Mine a lot of SYS coins and Take over SYS mining power to prevent rollback of the chain.
4. Get full access to an account on Binance that has a very high trade volume and regularly deposited and withdrew extremely large amounts of BTC (To avoid suspicion).
5. Send SYS (mined earlier) to this Binance account.
6. Place ask orders of SYScoin at VERY high rates at the very top of this thin order book.
7. Use BTC of Binance users that use API to buy all SYS in the orderbook.
8. Withdrew 1000 BTC in 7 different withdrawals all to the same BTC address.
While Binance has earned plaudits for its prompt response to suspicious trades, it is evident that it will remain a prime target to attackers so long as they are able to deposit and withdraw crypto with anonymity and impunity.
Do you think API-based attacks such as these are likely to happen again? What can exchanges like Binance do to mitigate the threat? Let us know in the comments section below.
Images courtesy of Shutterstock, Twitter, and Binance.
Need to calculate your bitcoin holdings? Check our tools section.