The world’s largest cryptocurrency exchange, Binance, has been hacked. On May 07, 2019, Binance suffered a large-scale security breach in which the hackers managed to steal around 7000 Bitcoin, worth more than $40 Million USD at the current price. The hack occurred at an inappropriate time for the exchange and appears to be its largest hack to date. Nonetheless, the company promises to cover the Bitcoins lost in the hack.
As with every exchange hack, the breach was announced on Twitter as an “unscheduled server maintenance”. It alarmed a number of Twitter users, and many kept messaging Binance’s CEO asking whether the exchange had actually been hacked.
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ 🔶 Binance (@cz_binance) May 7, 2019
Shortly after that tweet, the Binance founder posted another tweet with the message “Not the best of days, but we will stay transparent. Thank you for your support!”, linking to a more detailed report on the hack.
Not the best of days, but we will stay transparent. Thank you for your support! https://t.co/Y1CQOatEpi
— CZ 🔶 Binance (@cz_binance) May 7, 2019
According to the official statement released by Binance’s CEO Changpeng Zhao: “About 2% of Binance’s BTC holdings were affected”. The statement reported that the exchange experienced a security breach in which the hackers withdrew 7000 BTC ($40 Million) in a single transaction.
Transaction Hash of the hack involving some 7000 Bitcoins: https://www.blockchain.com/btc/tx/e8b406091959700dbffcff30a60b190133721e5c39e89bb5fe23c5a554ab05ea
The report states that “The hacker waited patiently and executed well organized actions through multiple independent accounts at the most appropriate time. The transaction is arranged in such a way that it passed all our existing security checks”. Unfortunately, they were not able to block the withdrawal before it was executed. However, once the withdrawal was executed, various alarms in their system were triggered, and as a result they immediately stopped all withdrawals.
The hacker used a variety of techniques over a long period of time, including viruses, phishing and other attacks, to hack the Binance wallet. While they couldn’t stop the hack, Binance traced the theft and reported that only a single account was affected by this attack: Binance’s hot wallet. It accounts for about 2% of the exchange’s Bitcoin holdings.
A hot wallet is a wallet that is connected to the Internet, where the exchange seems to hold funds to manage its day-to-day trading operations. Apart from the hot wallet, the hackers were not able to access any cold wallet (offline storage where the majority of coins are kept). Also, none of the users’ wallets were affected directly, the exchange reported.
Note on 2FA and users login credentials
In addition to the stolen BTC, the statement also reports that the hacker obtained a large number of users’ 2FA codes, API keys and potentially other information required to log in to Binance accounts.
The exchange warned that “hackers might have control over certain user accounts and might use them to influence prices”. The exchange does not know exactly how many user accounts were affected; this can only be known after a thorough security investigation. For now, it is recommended that you change your password and make sure to enable Google 2-factor authentication for your account.
Funds are SAFU
The company clearly mentioned that none of the users are affected by this hack, so you don’t have to worry about your coins. All wallets are secured and Binance will cover the Bitcoin loss in full. Though many are ready to support Binance, the company stated that it will cover the loss without any help.
— H.E. Justin Sun🇬🇩🇩🇲🔥₮ (@justinsuntron) May 8, 2019
Binance seems to maintain an emergency account for such events, dubbed the SAFU (Secure Asset Fund for Users) account. It was set up last year, and the exchange mentioned that it will use the SAFU account to cover the stolen Bitcoins.
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the #SAFU fund, there is enough. We are hurt, but not broke.
We are working hard to resolve the issue, so that everyone can deposit and withdrawal again. Will take some time. https://t.co/0j4J0fk99W
— CZ 🔶 Binance (@cz_binance) May 8, 2019
While this is good news, the bad news is that all withdrawals and deposits will be suspended for about a week until the investigation is over.
Binance mentioned that it will conduct a security review analyzing the whole system in detail, a huge process that is estimated to take about a week. The company wants to completely eradicate any trace of the hackers and to ensure that no such attacks occur in the future. The Binance team is also currently working with several other exchanges to block deposits from the hackers’ BTC address. During this period, withdrawals and deposits will be frozen. However, trading is not affected: you can trade as usual, and trading will remain open for all users. Only withdrawals and deposits are halted.
Binance hack update
Even though Binance responded quickly to the hack and was very transparent about the unpleasant event, a dramatic event like this always reminds us of one thing:
“Not your keys, not your Bitcoin”.
Private keys should be under the control of the individual holder.
Currently, the Binance team is working on a security review to find out what went wrong and what can be done to resolve the issue.
In the meantime, CZ (CEO of Binance) stated that they will continue the scheduled Twitter Ask Me Anything as planned.
What do you think about this hack? Do share your thoughts in the comments section.