More than 7,000 BTC stolen in one transaction
Hackers stole more than $40 million from coin exchange Binance late on Tuesday in a “well-orchestrated” attack, the company has admitted.
User API keys, two-factor authentication tokens, and other information were taken in order to pull off the audacious hack, which was discovered yesterday.
The unknown crooks were able to take 7,000 BTC in one transaction before the intrusion triggered security alarms and withdrawals were shut down.
Binance said that only its hot wallet, which contained around 2% of its overall cryptocurrency holdings, was affected.
All other wallets were secure and unharmed, the company said.
Binance blamed a series of phishing campaigns, computer viruses, and “other” attacks for the breach – but didn’t clarify exactly what security holes had been exploited.
A statement read: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.
“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
Lost coins will be reimbursed through the Secure Asset Fund for Users (SAFU), an emergency insurance fund set up by Binance, and financed using 10% of transaction fees.
Binance said it is conducting a thorough security review, expected to take one week. Deposits and withdrawals are being suspended during this time, though trading remains open.
The CEO of Binance, known as CZ, drew criticism on Twitter after admitting his team had considered a rollback to recover funds – an almost impossible process.
He was effectively suggesting a hard fork, which can only be executed if the whole community agrees. This has been carried out before with Ethereum, in a controversial move.
He tweeted: “[It] would be very hard to pull off anyway, not for $40m. Most miners will not ‘centralize’ together just for that. But it was suggested by some great minds, we learned, considered, and decided not to pursue further.”