In what would come as a shocking news to everyone in the crypto community, the largest cryptocurrency exchange Binance has also become the target of hackers. And being the largest the amount it has lost is also the largest amount stolen till date in any cryptocurrency exchange hack. The announcement of this security breach was done by the company about 3 hrs back in a blog post published on their official blog, and since then entire crypto community is in a sense of shock and dismay.
The announcement came from their Twitter handle at 5:06 AM IST. In the announcement company said that it has detected a large scale security breach in which user API keys, 2FA codes and some other info was stolen. The hackers were also able to withdraw 7000 BTC (worth $40 million) in a single transaction. The blockchain address of transaction was also provided with the announcement, and you can see its details here.
Fortunately, it seems that the user funds have not been affected in this attack. At least the company is saying so. The announcement revealed that this transaction was done from one of their hot wallets, which means that none of the users have been affected. Further, the company said that this particular hot wallet contained only about 2% of company’s total Bitcoin holdings, so there’s nothing much to worry about it. The company has also said that it will use funds from Secure Asset Fund for Users (SAFU) established last year to cover this incident in full. The user funds will not be affected.
All of this seems quite relieving, but still the deposits and withdrawals have been suspended for one week to carry out a much needed internal security review.
How did it become possible?
Binance is considered one of the best exchanges when it comes to security. It has never faced such an incident despite growing rapidly to become the largest crypto exchange in the world. So how did such an attack become possible on this exchange? The partial answer has also been provided by Binance itself. Given below is what company’s announcement said in this regard:
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
Binance CEO Chanpeng Zhao was scheduled to hold an AMA session on Periscope at 8:30 AM IST, which has not been canceled. CZ may provide some more details regarding the attack during that AMA session. We’ll keep an eye on that session and will publish what he tells there in a separate article, so keep an eye on our updates.
In the meantime, TRON Founder Justin Sun has presented yet another example of his strong friendship with CZ. He has announced that if CZ agrees then he can personally deposit 7,000 BTC to Binance. Have a look on his tweet:
— Justin Sun (@justinsuntron) May 8, 2019
Now it will be interesting to see whether CZ agrees or not.
UPDATE [9:49 AM, 8th of May]: CZ didn’t agree. He has humbly denied accepting the help of Justin, saying that he and his team members are hurt, not broke.
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the #SAFU fund, there is enough. We are hurt, but not broke.
We are working hard to resolve the issue, so that everyone can deposit and withdrawal again. Will take some time. https://t.co/0j4J0fk99W
— CZ Binance (@cz_binance) May 8, 2019