Many organizations operate valuable services that are available over the Internet. It’s possible to mine data from social media to detect high-level trends that can help an organization target its advertising and properly position its product.
Providers of these services offer an Application Programming Interface (API) that allows a program to interact directly with the service. This can make use of the service more efficient and potentially decrease the impact of high-volume usage.
To gain access to these APIs, you often need an API key. This key uniquely identifies you to the API, which is useful when the API is paid or offers varying levels of service. This key gives anyone with access to it the ability to access the account, making API security an important consideration for any organization operating or using high-value APIs. As demonstrated by the Binance breach, failure to properly protect these keys can be a very expensive mistake.
What is Binance?
Cryptocurrencies like Bitcoin and Ethereum have become increasingly mainstream. Based upon blockchain technology, they create a decentralized, distributed ledger that allows a group of individuals to track the shared history of their network without relying upon a trusted, centralized organization to maintain the authoritative record.
While this type of system can be used for a variety of different purposes, cryptocurrencies are the most famous, implementing a complete financial system without the need for banks.
These cryptocurrencies are designed to allow people to completely control their own money. Still, many users decide to use a service to help manage their money.
Some services just maintain a user’s wallet for a single cryptocurrency, while others (called cryptocurrency exchanges) can be used to maintain wallets for many different types of cryptocurrencies and exchange between them (similar to the traditional currency exchanges that you see at airports for exchanging between fiat currencies like US dollars, euros, and yen).
Binance is an example of a cryptocurrency exchange. Users create an account with Binance and use it to store the private keys that define ownership of their wallets. Through Binance’s user interface, they can check their balance and perform transactions. If everything goes well, their money is secure; however, an attacker with access to their Binance account can perform transactions on their behalf.
Since the blockchain is immutable, these transactions are irreversible, which means that any money that’s stolen is gone forever.
What Went Wrong?
Binance made headlines on May 7, 2019 due to a massive attack against users of the service in which attackers stole about 7,000 Bitcoin (worth about $41 million at the time). This was the culmination of an extended attack in which attackers discreetly gathered the information needed to perform the attack. On May 7, they used this information in a large-scale attack to grab as much Bitcoin as they could. By the time that the cryptocurrency exchange was able to react to the alarms that this caused, it was already too late.
The Binance cryptocurrency exchange is designed to protect the accounts of the people using it. As a result, it uses two-factor authentication (2FA) to provide an extra level of security for users’ accounts. Using a combination of different tactics, attackers gained access to these 2FA mechanisms and the usernames and passwords of these accounts. As a result, they had everything that they needed to log in and steal the Bitcoin.
But 2FA codes weren’t all that was targeted. Like the stock market, cryptocurrency exchanges are used for high-volume trading, where fractions of a second can make the difference in scoring a huge profit off of a potential deal. As a result, users of Binance will often have API keys that allow automated access to their accounts. These keys are the equivalent of a username/password combination and need to be protected the same way. The parties that attacked the Binance cryptocurrency exchange managed to collect API keys. This gave them access to a greater number of Binance accounts.
The Need for API Security
Binance and other high-value Internet sites provide API access as a matter of convenience. Developers commonly create automated scripts that need to interact with these services to perform actions that are repetitive or difficult to do manually. These scripts are commonly used for data mining social media sites or high-volume trading (like on Binance).
These API keys are powerful and require the same level of protection as other login credentials (username/password, etc.). They also need to be accessible to the scripts that use them, meaning that they are often misplaced and leaked. As a result, incidents like the Binance breach occur where leaked keys have an expensive impact on their owners.
Organizations that operate high-value APIs should have API security solutions in place to protect them. These solutions have the ability to track accesses and detect anomalies, which allows the service to lock down access or take additional verification steps before granting it.
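The following is an added example, not code from Binance or any API security product, sketching how a service could track accesses per API key and choose between allowing a request, asking for additional verification, or locking it down. The event records, the `SENSITIVE_ACTIONS` policy and the three verdict names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SENSITIVE_ACTIONS = {"withdraw"}  # assumed policy: actions that move funds

# Constructed access records (key id, source IP, action); not real data.
SAMPLE_EVENTS = [
    ("key-A", "198.51.100.10", "get_balance"),
    ("key-A", "198.51.100.10", "place_order"),
    ("key-A", "198.51.100.10", "place_order"),
    ("key-A", "203.0.113.77", "withdraw"),     # unseen IP + sensitive action
    ("key-B", "192.0.2.5", "get_balance"),
    ("key-B", "192.0.2.5", "withdraw"),        # known IP, first withdrawal
    ("key-B", "203.0.113.9", "get_balance"),   # unseen IP, harmless action
]

@dataclass
class KeyProfile:
    ips: set = field(default_factory=set)      # source IPs seen on allowed calls
    actions: set = field(default_factory=set)  # actions seen on allowed calls

def decide(profile, source_ip, action):
    """Return 'allow', 'step_up' or 'block' for one API request."""
    sensitive = action in SENSITIVE_ACTIONS
    if not profile.ips:
        # No baseline yet: enrol on first use, but never wave through
        # a sensitive action without extra verification.
        return "step_up" if sensitive else "allow"
    new_ip = source_ip not in profile.ips
    if new_ip and sensitive:
        return "block"    # lock down: unknown origin asking to move funds
    if new_ip or (sensitive and action not in profile.actions):
        return "step_up"  # ask for additional verification first
    return "allow"

def evaluate(events):
    """Replay events in order and return the verdict for each one."""
    profiles, verdicts = {}, []
    for key_id, source_ip, action in events:
        profile = profiles.setdefault(key_id, KeyProfile())
        verdict = decide(profile, source_ip, action)
        if verdict == "allow":
            # Only allowed traffic updates the baseline, so a stolen key
            # cannot teach the profile its own new IP or action.
            profile.ips.add(source_ip)
            profile.actions.add(action)
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print(verdict, event)
```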
If an individual or organization has scripts using high-value API keys (like the ones in the Binance breach), they should have a data security solution in place that scans for API keys and similar high-value data before allowing it to leave the trusted network. These kinds of protections can help protect an organization from high-value breaches like the Binance breach.
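As an added illustration of the outbound scan described above (not code from any particular data security product), the check below flags long, high-entropy alphanumeric tokens in text that is about to leave the network and reports them redacted. The key shape (32 or more random alphanumeric characters), the entropy threshold and the sample payload are assumptions constructed for this example.

```python
import math
import re
from collections import Counter

# Assumed key shape: 32+ random alphanumeric characters (hypothetical).
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[A-Za-z0-9]{32,}(?![A-Za-z0-9])")
MIN_ENTROPY = 4.5  # bits per character; hex digests cannot exceed 4.0

# Constructed outbound payload; the key below is a made-up placeholder.
OUTBOUND = """\
POST /paste HTTP/1.1
commit 9f2c4e1ab07d3c55e8a1f0b6d2c7e94a1b3d5f60
api_key = A1b2C3d4E5f6G7h8I9j0KlMnOpQrStUvWxYz
"""

def shannon_entropy(token):
    """Bits per character, from the token's character frequencies."""
    counts = Counter(token)
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def redact(token):
    """Keep enough to identify the finding without logging the secret."""
    return f"{token[:4]}...[{len(token)} chars]"

def scan_outbound(text):
    """Return (line number, redacted token) for each key-like token."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            token = match.group()
            # The entropy filter drops commit hashes and other hex
            # digests that match the length rule but are not keys.
            if shannon_entropy(token) > MIN_ENTROPY:
                findings.append((line_no, redact(token)))
    return findings

def should_block(text):
    """True when the payload should be held for review before sending."""
    return bool(scan_outbound(text))

if __name__ == "__main__":
    print(scan_outbound(OUTBOUND), should_block(OUTBOUND))
```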