Could The Implementation of 3FA Reduce Hack Attacks on Crypto Exchanges?
As cryptocurrency exchanges continue to be hacked, experts are thinking about new solutions and implementations to improve users' security on these platforms. One of the solutions could be the development of three-factor authentication (3FA).
Could 3FA Help Enhance Crypto Security?
Binance, one of the most popular cryptocurrency exchanges, was hacked last week and lost over 7,000 Bitcoin (BTC). At that time, they were equivalent to over $40 million. At the same time, the exchange exposed some user two-factor authentication codes and API tokens. This has increased the exposure of the exchange and its users.
This is just one of the many exchanges and platforms that have been hacked in the cryptocurrency market. Clearly, hackers tend to go where the money is, and exchanges hold large amounts of money in hot wallets that are used to provide liquidity to users when they trade digital currencies.
The company disclosed that it had been attacked just a few hours after the hack and was very transparent in the way it dealt with the theft. The hackers used different techniques to gain access to these funds.
According to Changpeng Zhao, the CEO of the platform, the hackers orchestrated actions through multiple independent accounts. Indeed, they were able to perform transactions that passed the platform's existing security checks. To pay for lost funds, Binance has a self-insurance fund that uses 10 percent of the trading fees on the platform. This is why the exchange is going to cover the losses.
According to the Chairman of the Anti-Phishing Working Group CipherTrace, Dave Jevans, it is highly likely that a phishing attack triggered the hack. As he explained, spear phishing attacks are getting a lot worse. Phishers are targeting high-value individuals and business emails.
As Mr. Jevans explains, two-factor authentication (2FA) is no longer strong enough, and SMS is a weak second factor. He also mentioned that it would be necessary to start thinking about three-factor authentication (3FA).
On this point, the security expert explained:
“To access the network, exchange employees should be required to use an authentication app on their phone, a certificate on their computer to access the corporate VPN, and a password. That way, if criminals phish an exchange worker’s password or break it with brute force they’re still not getting in.”
As he says, implementing a three-factor authentication method for a company's employees would increase users' security and reduce firms' risk of experiencing an attack.