Cryptocurrency exchange Binance has confirmed a large-scale data breach in which attackers stole more than $40 million in cryptocurrency.
In an official statement, the company said that the malicious hackers stole API keys, two-factor codes and other information in the attack.
Binance has traced the cryptocurrency theft (more than 7,000 bitcoins at the time of writing) to a single wallet after the malicious hackers stole the contents of the company’s bitcoin hot wallet.
Binance, the world’s largest cryptocurrency exchange by volume, said the theft impacted about 2 percent of its total bitcoin holdings.
“All of our other wallets are secure and unharmed,” said the statement.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said.
Binance said its secure asset fund for users (SAFU) will cover user losses.
Until the company’s investigation is complete, deposits and withdrawals will remain suspended, but trading will remain open.
Binance chief executive Changpeng Zhao is set to hold a Twitter ask-me-anything session in the coming hours.
In 2018, The Wall Street Journal described what makes bitcoin theft particularly appealing:
Unlike stock exchanges, which facilitate trading but don’t actually hold securities on behalf of investors, many cryptocurrency exchanges charge fees for trading and store currencies for their customers. Analysts say that makes cryptocurrency exchanges like sitting ducks. Thieves that manage to break in can do something akin to robbing a bank—getting hold of valuable cryptocurrencies that they can cash out of.
Cryptocurrency exchanges are “easy to breach, with minimum effort and expense from attackers and with maximum return on investment,” said Robert Statica, president of BLAKFX, a cybersecurity firm in New York.
Some of my thoughts/insights on Binance hack
– $41M is peanuts for Binance – they can make it back in 47 days
– It was the sixth largest exchange hack in history and the total amount stolen from exchanges is now $1.35 billion
– reorg was a stupid idea that wouldn’t work pic.twitter.com/K8rBuFggZm
— Larry Cermak (@lawmaster) May 8, 2019