One of the world’s largest bitcoin exchange, Binance, has confirmed that the company has lost nearly $41 Million worth of bitcoin to hackers.
In a statement yesterday, the company said “We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. ” As a result the hackers made away with roughly 7000 bitcoins, which worth 40.6 million at the time of writing.
How it Happened
The company made it known in its statement that “The hackers used a variety of techniques, including phishing, viruses and other attacks.” These techniques were used to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction. The statement further added that “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.”
Binance has suspended all deposits and withdrawals on its platform for roughly one week while it thoroughly reviews the security and investigates the incident. “The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK.” The CEO said.
The company also assured that Binance will use the SAFU fund (Secure Asset Fund for Users which is an emergency insurance fund) to cover this incident in full. No user funds will be affected.
Precautions for Users
A disturbing part of this breach is that the company admitted the hackers managed to get their hands on user critical information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.
Zao, the CEO also warned that “hackers may still control certain user accounts and may use those to influence prices.”
Binance therefore urges its users to change their API keys and two-factor authentication
Fortunately, the Binance cold storage—the offline wallets where the majority of funds are kept—remain secure. Also, Internet-connected individual user wallets were not directly affected.