Hackers stole over 7,000 bitcoin from global cryptocurrency exchange Binance, which provides a platform for trading more than 100 cryptocurrencies.
“Hackers were able to obtain a large number of user API keys, 2FA codes… They used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” the start-up said in a statement late on Tuesday.
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.
“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed,” Binance added.
U.S. lawmakers are pushing legislation that would force the State Department to report what it is doing to control the spread of U.S. hacking tools around the world.
A bill passed in a House of Representatives’ appropriations subcommittee on Tuesday said Congress is “concerned” about the State Department’s ability to supervise U.S. companies that sell offensive cybersecurity products and know-how to other countries.
The proposed legislation, released on Wednesday, would direct the State Department to report to Congress how it decides whether to approve the sale of cyber capabilities abroad and to disclose any action it has taken to punish companies for violating its policies in the past year.
National security experts have grown increasingly concerned about the proliferation of U.S. hacking tools and technology.
The legislation follows a Reuters report in January which showed a U.S. defense contractor provided staff to a United Arab Emirates hacking unit called Project Raven. The UAE program utilized former U.S. intelligence operatives to target militants, human rights activists and journalists.
State Department officials granted permission to the U.S. contractor, Maryland-based CyberPoint International, to assist an Emirate intelligence agency in surveillance operations, but it is unclear how much they knew about its activities in the UAE.
Under U.S. law, companies selling cyber offensive products or services to foreign governments must first obtain permission from the State Department.The new measure was added to a State Department spending bill by Dutch Ruppersberger, a Democrat from Maryland and member of the House Appropriations Committee.
Ruppersberger said in an emailed statement he had been “particularly troubled by recent media reports” about the State Department’s approval process for the sale of cyberweapons and services.
CyberPoint’s Chief Executive Officer Karl Gumtow did not respond to a request for comment. He previously told Reuters that to his knowledge, CyberPoint employees never conducted hacking operations and always complied with U.S. laws.
The State Department has declined to comment on CyberPoint, but said in an emailed statement on Wednesday that it is “firmly committed to the robust and smart regulation of defense articles and services export” and before granting export licenses it weighs “political, military, economic, human rights, and arms control considerations.”
Robert Chesney, a national security law professor at the University of Texas, said the Reuters report raised an alarm over how Washington supervises the export of U.S. cyber capabilities.
“The Project Raven (story) perfectly well documents that there is reason to be concerned and it is Congress’ job to get to the bottom of it,” he said. The bill is expected to be voted on by the full appropriations committee in the coming weeks before going onto the full House. (VOA)