Within no time, Binance CEO, Changpeng Zhao (nicknamed CZ), tweeted that the exchange had frozen the funds. CZ added that they were returning the recovered funds to Upbit. Binance managed to block and transfer the funds a mere 30 minutes after Whale Alert warned the loot was being moved..
On May 13, at about 16:00 UTC, Whale Alert picked out a transaction involving 137 ETH (worth about $27,000) that was sent to the Binance exchange wallet. The bot warned the exchange that the fund’s origin was an address linked to the hacker group responsible for Upbit hack.
Binance moved quickly yesterday to freeze funds on their exchange linked to the Upbit hack late last year
Hackers breached crypto exchange Upbit in November 2019, making off with $49 million in crypto – yesterday they tried to sell stolen Ethereum on Binance
With so many exchanges being breached in the past few years, Binance and other major exchanges have resolved to freeze any hack-related funds sent to their platforms. Binance did just that after an address linked to the Upbit hack in 2019 reportedly sent 137 Ether (ETH) to the exchange.
In his tweet, the Binance CEO added:
“Frozen, will work with UpBit to verify and get law enforcement involved and hand off the funds. Waiting for someone to complain on social media about us freezing funds. But fight bad actors, we must.”
It’s not the first time Binance has frozen funds hackers have tried to launder through its exchange. In January 2019, hackers stole $16 million from Cryptopia. The New Zealand based exchange had to cease its operations after the hack. Binance then froze the funds when the hackers later tried to sell them on.
Although Binance succeeded in freezing the 137 ETH transfer, hackers linked to the Upbit hack have still managed to successfully move some of their stolen cryptocurrency holdings through exchanges, including Binance. Data shows that over 3,600 ETH, worth around $725,000, has been moved from the hackers’ wallet in the past 24 hours.
According to Uppsala, nearly $3.2 million in Ethereum (ETH) stolen by the hackers has been laundered through several exchanges. Apart from Binance, the other major cryptocurrency platform hackers used was Bitfinex.
While it’s hard to pinpoint the motivation behind the hackers’ decision to send ETH worth $27,000 considering the millions they stole, it is likely the hackers were trying to gauge how quickly Binance acted before deciding to move a larger amount.
Hackers Plant Crypto Miners by Exploiting Flaw in Popular Server Framework Salt
A hacking group has installed crypto mining malware into a company server through a weakness in Salt, a popular infrastructure tool used by the likes of IBM, LinkedIn and eBay.
Blogging platform Ghost said Sunday an attacker had successfully infiltrated its Salt-based server infrastructure and deployed a crypto-mining virus.
“Our investigation indicates that a critical vulnerability in our server management infrastructure … was used in an attempt to mine cryptocurrency on our servers,” reads an incident report. “The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately.”
Ghost said Monday developers had removed the mining malware from its servers and added whole new firewall configurations.
Salt is an open-source framework, developed by SaltStack, that manages and automates key parts of company servers. Clients, including IBM Cloud, LinkedIn, and eBay, use Salt to configure servers, relay messages from the “master server” and issue commands to a specific time schedule.
SaltStack alerted clients a few weeks ago there was a “critical vulnerability” in the latest version of Salt that allowed a “remote user to access some methods without authentication” and gave “arbitrary directory access to authenticated users.”
SaltStack also released a software update fixing the flaw on April 23.
Android mobile operating system LineageOS said hackers had also accessed its core infrastructure via the same flaw, but the breach was quickly detected. In a report Sunday the company admitted it hadn’t updated the Salt software.
It remains unknown whether the same group is behind the LineageOS and Ghost attacks. Some attacks have planted crypto mining software, while others have instead planted backdoors into servers.
It isn’t clear if hackers mined a particular cryptocurrency. Hacking groups have generally favored monero (XMR), as it can be mined with just general purpose CPUs, not dedicated mining chips, and can be traded with little risk of detection.
CoinDesk has approached SaltStack for comment, but hadn’t heard back by press time.