Tuesday, 21 May 2019 13:10

Could behavioural analytics have stopped the Binance crypto hack?

Could behavioural analytics better protect crypto exchanges like Binance from hacking attacks?

A recent, sophisticated attack on the popular Binance cryptocurrency trading platform saw users’ accounts compromised and simultaneous withdrawals made to the tune of 7000 Bitcoins (worth $40m at the time).

Users unwittingly had two-factor authentication codes (2FA) compromised via malware and phishing attempts along with API keys that were used to automate trading. It highlights the problems of relying on security credentials that can be compromised. In recent weeks we’ve been talking to Forcepoint, a security company that adds behavioural analysis to the mix, in order to understand whether this level of security would have helped stop the exfiltration of data which, in this case, meant Bitcoins.

According to Binance, the nature of the user behaviour didn’t raise any flags and security only kicked in once the Bitcoins had left the site.

iTWire spoke to Nico Fischbach, Forcepoint chief technology officer, to find out how better behavioural analysis could have helped. He pointed us to a case study of Metro Bank in the UK whereby the bank uses Forcepoint’s CASB (Cloud Access Security Broker) software to “analyse and enforce appropriate controls for SaaS and production applications.” The bank integrated it with their online banking application. It analysed workflows and user behavioural analytics – going beyond a traditional Web Application Firewall (WAF) – to scan for behaviours that were uncommon. He said, “It could be infections, compromised browsers, it could be users trying to do weird things and all of that… [all while] billions of transactions were running through the system.”

He said that the question for financial institutions (especially those dealing with things like Bitcoin) should be, “Can behavioural analytics help reduce fraud? Zero fraud doesn’t exist. CASB and UBA (User Behavioural Analytics) help you further reduce that risk by sitting in-between the user and the transactions without being yet another security bump in the road. Because that’s what people don’t like – they want to be agile and do their transactions. There has to be a cap [on things like 2FA]. You can’t be disruptive on the customer journey but still must have security value.”

Fischbach also emphasised the importance of using analytics in the back-end for “insider threat monitoring.” He said, “This is another angle that is super important.” It was a core focus of the investigation into the major New Zealand Cryptopia exchange hack which, just days ago, went into liquidation having lost huge amounts of customer funds. There were also concerns regarding the QuadrigaCX exchange collapse, whereby access to all wallets was lost when a single employee “went missing.” If this was an exit scam, behavioural analytics could potentially have raised alarms beforehand.

However, the crux of the Binance problem is that alarms only sounded once the Bitcoins had been withdrawn (especially as many went to just several addresses). While it’s not clear exactly what security layers were in place, it’s not unreasonable to assume that many users suddenly wanting to transfer coins to the same unusual addresses should have raised a security flag BEFORE the coins were transferred.
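The pre-transfer check suggested above can be sketched as a fan-in screen over queued withdrawals. This is an added example, not code from Binance, Forcepoint or the article; it assumes withdrawals wait in a pending queue before release, and the window, threshold, account names and addresses are all constructed placeholders.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Withdrawal = namedtuple("Withdrawal", "id ts account dest")

def screen(pending, history, window=timedelta(minutes=10), threshold=3):
    """Return ids of queued withdrawals to hold for review before release.

    A request is 'novel' if its account has never withdrawn to that address.
    If `threshold` or more distinct accounts make novel requests to the same
    address within `window`, every request in that cluster is held,
    including the earliest ones.
    """
    by_dest = defaultdict(list)
    for w in pending:
        if w.dest not in history.get(w.account, set()):
            by_dest[w.dest].append(w)       # keep only novel destinations
    held = set()
    for reqs in by_dest.values():
        reqs.sort(key=lambda w: w.ts)
        lo = 0
        for hi in range(len(reqs)):
            while reqs[hi].ts - reqs[lo].ts > window:
                lo += 1                     # slide the window start forward
            cluster = reqs[lo:hi + 1]
            if len({w.account for w in cluster}) >= threshold:
                held.update(w.id for w in cluster)
    return held

# Constructed sample data: accounts and addresses are placeholders.
T0 = datetime(2019, 1, 1, 12, 0)
HISTORY = {"alice": {"addr-alice-cold"}, "bob": {"addr-bob-1"},
           "carol": {"addr-carol-1"}, "dave": set(), "erin": {"addr-erin-1"}}
PENDING = [
    Withdrawal(1, T0, "alice", "addr-alice-cold"),   # usual address
    Withdrawal(2, T0 + timedelta(minutes=1), "bob", "addr-new-x"),
    Withdrawal(3, T0 + timedelta(minutes=2), "carol", "addr-new-x"),
    Withdrawal(4, T0 + timedelta(minutes=3), "dave", "addr-new-x"),
    # One account using its own new address twice is not a fan-in cluster.
    Withdrawal(5, T0 + timedelta(minutes=4), "erin", "addr-erin-new"),
    Withdrawal(6, T0 + timedelta(minutes=5), "erin", "addr-erin-new"),
]

if __name__ == "__main__":
    print(sorted(screen(PENDING, HISTORY)))
```

Counting distinct accounts rather than requests keeps a single customer moving funds to a new wallet of their own from tripping the hold.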

Fischbach surmises, “Would another security layer of defence that uses CASB and analytics have raised a risk score or a flag earlier for somebody to look into? We can only speculate.”

Whatever the truth is behind the hack, behavioural analytics is looking like a reasonable minimum security standard in a world where online currency transactions are only exploding.

The writer attended the Forcepoint conference in Malaysia as a guest of the company




Nick Ross

Nick Ross is a veteran technology journalist who has contributed to many of Australia's top technology titles and edited several of them. He was the launch editor of the Australian Broadcasting Corporation online Technology section.


