If you have bitcoin holdings securely tucked away in the cryptocurrency exchange Binance, you should be worried. Binance, one of the largest cryptocurrency exchanges by daily trade volume, has experienced a major security breach on May 7.
According to reports, the hackers achieved their target by employing a number of tactics including phishing and viruses in order to acquire a large number of 2FA codes and API keys among other information. Binance confirmed that there was one affected transaction wherein the hackers managed to get away with 7,000 bitcoins (BTC), worth a whopping $40,705,000 at press time. The exchange’s statement reads:
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.
All the bitcoins were purportedly withdrawn from binance’s hot wallets. According to CEO Changpeng Zhao, those wallets only contain 2% of the exchange’s total bitcoin holdings. Zhao further claimed that Binance’s other wallet have remained unaffected.
The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.
However, according to the statement, the transaction upon execution triggered various alarms in their system and they were able to stop all the following withdrawals.
As of now, Binance has suspended all deposits and withdrawals as it conducts a thorough security review on its systems, which according to Zhao will likely take up to a week. However, trading is still active and traders will be able to adjust their positions as well. Zhao also stated:
“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets”.
Moreover, Zhao added that he would hold an “ask me anything session” on Twitter to address questions from the community.
Leave your questions in the comments below⬇️⬇️⬇️
There might even be some particularly interesting answers to a few of them! Guess you’ll have to find out 👀 pic.twitter.com/8MAUDxptqI
— Binance (@binance) May 6, 2019
As for the compensation of the lost bitcoins, the exchange will be using its Secure Asset Fund for Users (SAFU) in order to fully cover for the unfortunate incident. SAFU is an emergency insurance fund which was announced by Binance in July last year with an aim to protect interest of all the users. The exchange has allocated 10% of all trading fees received into SAFU to offer protection to the users and their funds in extreme cases. This fund is stored in a separate cold wallet.
This breach isn’t a first for Binance — the exchange in fact has been the target of hackers a couple of times before as well. In March last year, rumors of Binance’s hack arose when social media users reported seeing their balances at the exchange drained, sold at market rates and converted to Viacoin. However, after initially denying any news of breach, Zhao announced that all the irregular trades had been reversed, revealing that hackers lost some funds as result.
Moreover in July last year, Binance suffered a massive API attack, which allowed hackers to sell a single Syscoin (SYS) for 96 bitcoins (BTC). Over a billion SYS were moved from a wallet, rumored to be owned by Binance, after enterprising attackers took advantage of the exchange’s Application Programming Interface (API), which determines the protocol for facilitating the trading of listed cryptocurrencies. As a result, the exchange suspended trading for security reasons. A couple of hours later, Binance reopened its API key creations, announcing it on Twitter.
The latest hack comes after a recent rally in bitcoin. The price of the digital coin is about 9% higher over the past week, which could be a motive behind the hack.
Nonetheless, Binance has always managed to recover from the menace of hacks and breaches, maintaining its place as one of the biggest exchanges in the cryptoverse.