Binance, one of the biggest crypto exchanges in terms of trade volume has lost 7,000 BTC following a hack. At the time of writing, the stolen coins are worth approximately $40,705,000.
Per the exchange, hackers used several methods to obtain two-factor authentication (2FA) codes and API keys. These tactics include the use of viruses and phishing among others. Binance also believes that the attacker could have gained access to other data.
Changpeng Zhao, Binance’s CEO, wrote a letter on the exchange’s site giving more insight into what happened. He notes that the attack happened at 17:15 on May 7. There was one affected transaction that allowed hackers to withdraw the funds. According to Zhao, this transaction affected their BTC hot wallet only. He added that the wallet only had approximately two percent of the exchange’s BTC holdings. Zhao assured Binance users that all other Binance wallets are secure and unharmed.
Apparently, the attackers were patient as they acted in a planned manner. They used independent accounts and executed the theft at a time that best-suited them. They designed the transaction in a manner that passed all of Binance’s security checks. Binance failed to block the withdrawal before it was completed. However, Binance notes the execution of the withdrawal set-off several alarms in its system.
Binance Suspends Deposits and Withdrawals
Following the attack, Binance stopped all withdrawals immediately. The exchange also stopped deposits to conduct a security review on its systems and data. Binance approximates that this activity will take about a week to complete. While withdrawal and deposit service will be unavailable until the review is finished, Binance has promised to keep trading open. In so doing, the exchange gives its clients a chance to change their positions.
The CEO explained that the attackers might still have control over certain user accounts. He added that they can use such accounts to influence prices for the time being. Nonetheless, Binance believes that by keeping withdrawals closed, hackers will lack incentives to influence the crypto market.
Binance and the SAFU Fund to Cover All Losses
In the letter written on Binance’s site, Zhao noted that the exchange and the SAFU fund would cover all losses. The SAFU (Secure Asset Fund for Users) is Binance’s insurance fund that is meant to protect users and their funds in extreme cases. Zhao went on to state that all user funds would remain untouched.
He also announced that he will conduct a Twitter AMA later on today to answer all questions from the community.
Leave your questions in the comments below⬇️⬇️⬇️
There might even be some particularly interesting answers to a few of them! Guess you’ll have to find out 👀 pic.twitter.com/8MAUDxptqI
— Binance (@binance) May 6, 2019
Do you think Binance will manage to recover the stolen funds? Let us know in the comments below.