Binance, the world’s biggest cryptocurrency exchange by volume, has confirmed that hackers stole $40 million in cryptocurrency. The company said that the theft included API keys, two-factor codes, and other information.
The hackers were able to steal the contents of Binance’s hot wallet, which held more than 7,000 bitcoins. Binance estimates that this amounted to about 2% of the company’s total bitcoin holdings. A statement from the company reads, ‘The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.’
Binance has stated that it is conducting a complete investigation, which will take about a week, after which it will post updates. The statement added, ‘The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.’
Changpeng Zhao, CEO of Binance, held an ‘ask me anything’ (AMA) session on Twitter and Periscope. During the session he provided more detail on the attack, describing it as a well-executed and very advanced effort. He assured customers that the company is capable of recovering the lost coins without any help, despite not having exact details on the number of accounts that have been affected. The company is holding all withdrawals and deposits until it has confidently secured the exchange. Binance is also working with other exchanges in an attempt to block deposits from hacked addresses.
Binance has urged its users to change their API keys and two-factor authentication immediately. When asked about issuing a rollback, Zhao said, ‘to be honest we can do that probably within the next few days but there are concerns that if we were to do a rollback on the bitcoin network on that scale, it might have some negative consequences in terms of destroying credibility for bitcoin, so our team is still deciding on that and running through the numbers and checking everything. We will try to maintain very high transparency.’
Zhao confirmed after his AMA session that Binance would not be pursuing a rollback. Since July 2018, Binance has been allocating 10% of its trading fees every month to the Secure Asset Fund for Users (SAFU Fund), which can be used to recover the millions that have been lost. However, Zhao says that ‘it does hurt very much.’