Binance Expands YubiKey Support for Two-Factor Authentication (2FA)

Siamak Masnavi

Binance announced on Monday (July 22) expanded support for two-factor authentication (2FA) via Yubico's "Yubikey" hardware-based security keys.

A YubiKey security key can be purchased from Yubico for as little as $20 (in the case of their "Security Key by Yubico" product):

Yubico Security Key.jpg

A few days after Binance announced that it had suffered a security breach on May, Binance CEO Changpeng Zhao (aka "CZ") said via a "Security Incident Update" published on Binance's blog that the Binance team was "making significant changes to the API, 2FA, and withdrawal validation areas", and as a result, it would be improving Binance's two-factor authentication (2FA) by implementing  support for hardware-based security keys such as Yubico's YubiKey devices, and that in fact, Binance would be giving away "1,000 YubiKeys as soon as that feature is implemented."

Then, on June 27, CZ sent out a tweet that told Binance users that YubiKey support had been implemented and it was in the beta testing stage. He also explained that Binance was at that time only using a YubiKey device (for those customers that had set one up for their accounts) for verifying withdrawals:

On the same day, a Binance support article explained how users could use a YubiKey device for 2FA.

The next day, a Binance blog post announced that Binance had added support for two-factor authentication (2FA) through hardware security keys," and that this was " in addition to the SMS and Google Authenticator options supported on the website and apps."

Furthermore, this post explained that the "Binance website, both on desktop/laptop and mobile, now supports the FIDO2 open authentication standard," which means that "2FA devices that support this standard, like YubiKey, Trezor, and others, can be used as security keys" for Binance accounts. It also said that Binance's mobile apps would be adding this feature in the future.

Earlier today, Binance sent out a tweet to notify users that they can now use 2FA via security keys for "Withdraw & API", "Log In", and "Password Reset"); Binance also, once again, recommended using a YubiKey device as a security key:

 

Featured Image Courtesy of Binance. YubiKey Device Image Courtesy of Yubico.

Kraken Exchange Test Bug Allowed Some Traders to Make an Easy 20% Profit

  • Cryptocurrency exchange Kraken disclosed a product testing bug that affected how orders were executed.
  • Certain clients were able to buy BTC at $8000 while others sold at $120000.

Cryptocurrency exchange Kraken has updated users on a new bug that allowed certain clients to buy BTC at $8000 or sell at $12000.

Kraken Exchange Bug 

According to the notice published to Kraken’s official Twitter account, the exchange was testing an unreleased advanced order type when it encountered a bug.

The glitch led to a system error where orders were priced against the wrong side of the book. Certain clients were able to purchase bitcoin at $8,000 per coin while others were able to sell at $12,000 against the tester without an intervene in liquidity being cleared (despite the market price of BTC hovering around $10,300).

Kraken explained that because of the bug, orders were executed on either side of the $8K - $12K spread, without any liquidity in between being exhausted. However, stop orders were apparently triggered and correctly filled.

Community members were quick to criticize the exchange for allowing such a significant bug to occur on a test that was being run in a live market. 

Jesse Powell, co-founder and CEO of Kraken, defended the exchange’s actions by explaining that products have to be live-tested eventually, even if there is a chance of error. 

 

Featured Image Credit: Photo via Pixabay.com