Binance has become the victim of a “large scale” cyber attack that resulted in the theft of 7000 Bitcoins worth around $40.8 million.
The exchange publically reported the security breach on Tuesday and explained that the hackers somehow obtained “a large number of user API keys, 2FA codes, and potentially other info” to carry out the attack.
“The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” the exchange noted.
The exchange ensured that funds stored in its hot wallets were only compromised, which consists of around two percent of the exchange’s total holdings.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” Binance explained.
Too many coincidences?
The report of the breach came hours after unscheduled server maintenance by the exchange. While communicating about the maintenance activity, Changpeng “CZ” Zhao, founder and CEO of Binance, specifically mentioned that all “funds are #safu” which now created a stir in the community.
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ Binance (@cz_binance) May 7, 2019
This also overlapped with a scheduled ask-me-anything (AMA) session by Zhao, which he did not cancel despite to the sudden crisis.
Answering to a question related to this recent breach, Zhao hinted that the exchange is considering to roll back the transaction data related to the theft of Bitcoins.
“To be honest, we can actually do this probably within the next a few days. But there’re concerns that if we do a rollback on the Bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin,” Zhao stated.
This, however, was not welcomed by a major section of the Bitcoin community.
Dear @cz_binance please stop considering an attack on the bitcoin Blockchain to fix your mistakes. We don't do rolbacks here. Perhaps consider adding an option to your platform for users to designate their funds for 100% Cold Storage with manual withdrawal review.
— WidespreadBTC (@WidespreadBTC) May 8, 2019
“The team is still deciding that, and we are running through the numbers and checking everything,” Zhao added. “It’s interesting that it’s a tech solution [suggested] to us by the community, including some of the core members of the bitcoin development team. We will consider that very, very carefully, with the feedback we are receiving.”
Compensating the victims
Binance was quick enough to ensure that it will fully compensate all the victims from its Secure Asset Fund for Users (SAFU).
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the #SAFU fund, there is enough. We are hurt, but not broke.
We are working hard to resolve the issue, so that everyone can deposit and withdrawal again. Will take some time. https://t.co/0j4J0fk99W — CZ Binance (@cz_binance) May 8, 2019
In addition, other crypto exchanges are also diving in to support the affected exchange by blacklisting the addresses to which the stolen funds were transferred as we have seen in the past that hackers immediately head to fiat-based exchanges to cash out the digital currencies.
Also thanks to @coinbase and many other exchanges (again, can't list everyone) pledging to block deposits from those addresses. Much appreciated!
Also much appreciate the "unitedness" of our industry to fight hackers and fraud. — CZ Binance (@cz_binance) May 8, 2019
Though exchanges like Cryptopia and Bithumb were attacked earlier this year, Binance’s breach is the largest crypto heist in 2019. Moreover, Binance being one of the largest digital asset exchange on the globe also raised questions on the security measures taken by crypto exchanges.
