Security Market Segment LS
Tuesday, 21 May 2019 13:10

Could behavioural analytics have stopped the Binance crypto hack?

Could behavioural analytics better protect crypto exchanges like Binance from hacking attacks? Could behavioural analytics better protect crypto exchanges like Binance from hacking attacks?

A recent, sophisticated attack on the popular Binance cryptocurrency trading platform saw users’ accounts compromised and simultaneous withdrawals made to the tune of 7000 Bitcoins (worth $40m at the time).

Users unwittingly had two-factor authentication codes (2FA) compromised via malware and phishing attempts along with API keys that were used to automate trading. It highlights the problems of relying on security credentials that can be compromised. In recent weeks we’ve been talking to Forcepoint, a security company that adds behavioural analysis to the mix, in order to understand whether this level of security would have helped stop the exfiltration of data which, in this case, meant Bitcoins.

According to Binance, the nature of the user behaviour didn’t raise any flags and security only kicked in once the Bitcoins had left the site.

iTWire spoke to Nico Fischbach, Forcepoint chief technology officer, to find out how better behavioural analysis could have helped. He pointed us to a case study of Metro Bank in the UK whereby the bank uses Forcepoint’s CASB (Cloud Access Security Broker) software to “analyse and enforce appropriate controls for SaaS and production applications.” The bank integrated it with their online banking application. It analysed workflows and user behavioural analytics – going beyond a traditional Web Application Firewall (WAF) – to scan for behaviours that were uncommon. He said, “It could be infections, compromised browsers, it could be users trying to do weird things and all of that… [all while] billions of transactions were running through the system.”

He said that the question for financial institutions (especially those dealing with things like Bitcoin should be, “Can behavioural analytics help reduce fraud? Zero fraud doesn’t exist. CASB and UBA (User Beahavioural Analytics) help you further reduce that risk by sitting in-between the user and the transactions without being yet another security bump in the road. Because that’s what people don’t like – they want to be agile and do their transactions. There has to be a cap [on things like 2FA]. You can’t be disruptive on the customer journey but still must have security value.”

Fischbach also emphasised the importance of using analytics in the back-end for “insider threat monitoring.” He said, “This is another angle that is super important.” It was a core focus of the investigation into the major New Zealand Cryptopia exchange hack which, just days ago, went into liquidation having lost huge amounts of customer funds. There were also concerns regarding the QuadrigaCX exchange collapse, whereby access to all wallets was lost when a single employee “went missing.” If this was an exit scam, behavioural analytics could potentially have raised alarms beforehand.

However, the crux of the Binance problem is that alarms only sounded once the Bitcoins had been withdrawn (especially as many went to just several address). While it’s not clear exactly what security layers were in place, it’s not unreasonable to assume that many users suddenly wanting to transfer coins to the same unusual addresses should have flagged security BEFORE being transferred.

Fischbach surmises “Would another security layer of defence that uses CASB and analytics have raised a risk score or a flag earlier for somebody to look into? We can only speculate.”

Whatever the truth is behind the hack, behavioural analytics is looking like a reasonable minimum security standard in a world where online currency transactions is only exploding.

The writer attended the Forcepoint conference in Malaysia as a guest of the company

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Nick Ross

Nick Ross is a veteran technology journalist who has contributed to many of Australia's top technology titles and edited several of them. He was the launch editor of the Australian Broadcasting Corporation online Technology section.

Share News tips for the iTWire Journalists? Your tip will be anonymous