Well, what a night it has been, woke up to numerous alerts stating that the cryptocurrency exchange Binance had confirmed a “large scale” information breach, by which hackers took more than $40 million in cryptocurrency.
In a statement, the company stated hackers took API keys, two-factor codes along with other facts in the attack.
Binance traced the cryptocurrency theft — significantly more than 7,000 bitcoins during the time of writing — to just one wallet following the hackers stole the contents associated with the company’s bitcoin wallet that is hot. Binance, the world’s largest cryptocurrency exchange by volume, stated the theft affected about 2 percent of its total bitcoin holdings.
“All of our other wallets are secure and unharmed,” said the statement.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
“Once that we were not able to block this withdrawal executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said.
Binance said its secure asset fund for users (SAFU) will cover user losses.
Until the company’s investigation is complete, deposits and withdrawals will remain suspended but trading will remain open.
On Periscope, Zhao gave more details about the hack, saying that it was a very advanced effort executed by “very patient” hackers who waited until they had a number of high net worth accounts. He added that Binance will be able to cover the bitcoin lost without help. The company does not know yet exactly how many people were affected.
The business is using more exchanges to block deposits from hacked addresses. It is about a week before Binance can release withdrawals or accept deposits once again because it needs to “make sure we completely eradicate any trace of hackers in all our accounts and data and that is a pretty tedious process,” Zhao said. He encouraged everyone to change their API keys and two-factor authentication.