Cryptocurrency exchanges + 2 factor authentication

One of the biggest issues that cryptocurrency exchanges face in this new digital currency industry is the exploitation of 2 factor authentication which makes entering a 6 or 7 digit code irrelevant for an attacker.

Let's assume the following leading exchange, Binance, tries its best to prevent attackers. On it's login page, you'll see the following:

Notice how they present the login page and warn the user to make sure that they are visiting "https ://www.binance.com". This is to prevent the classic phishing scam where an attacker makes a copy of the webpage such as "biinance.com" or "binance.online" as example TLD's that might appear seemingly innocuous to the typical user, but in reality the webpage will snatch the user's credentials to sign-in and transfer away all the crypto currency in the account. Game over, right?

Not quite. You've got something called 2 factor authentication which is often now a required standard in the crypto space. Often, however, you've got the issue of a stolen device. Binance shows the following screen, even if you've lost your sign-in credentials.

The hacker has now bypassed the most basic auth: user and password. Many times, this is the dead end part that prevents most cyber attacks. However, the bigger issue that many people face are the following: their device and/or browser contents are stolen. This is where Dark Sonar comes in. Many other exchanges like Coinbase tend to not even display these normal security measures like the rudimentary ones that Binance put in such as the anti-phishing step on sign-in and the captcha.

This is where Dark Sonar comes into play. Since Dark Sonar software analyzes user behavior over time, it comes in as a second line of defense, complimenting 2FA and makes a user account more secure. Our machine learning algorithms also further help prevent account takeover which has become so prevalent in this field.

Our product can make your system prompt the user to enter the 2 factor authentication token again in certain situations such as an internet connection change, time zone change, etc. These added security measures help prevent other types of cyber attacks on websites that seemingly do not have much security measures in place beyond a username or email/password authentication system with 2FA.

Interested in our products and want to learn more? Contact a member of our team who can help you implement a Dark Sonar solution to fit your firm's security needs.

George Lee

George Lee is the Founder & CEO of Dark Sonar. He leads technology and business development of Dark Sonar from his cybersecurity background.