SUMMARY
With 7K Bitcoins stolen, it’s one of the largest hacks since Mt Gox
No user funds will be affected, Binance has said
The exchange restricts existing API keys to have trading-only mode
At a time when the matter of the missing $145 Mn worth of cryptos at Canada-based QuadrigaCX is still open even as the exchange declared bankruptcy, hackers have now stolen 7K Bitcoins worth $41 Mn from Binance, one of the largest crypto exchanges in the world.
The security breach occurred at 17:15:24 UTC (22:45 IST) on May 7. Binance revealed that hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks.
“The single transaction of worth 7,000 Bitcoin has impacted our Bitcoin hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” said Binance in a press statement.
While Binance will use the SAFU fund to cover this incident in full, deposits and withdrawals will remain suspended for the duration. No user funds will be affected. “We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. This will take about one week,” the company added.
Due to irregular trading on some APIs, Binance will now restrict all currently existing API (application programming interface) keys to a trading-only mode. These keys will then be removed in full at 1:30 PM (UTC), May 8, 2019. The users will have to recreate new API keys in order to attain their full functionality.
As tweeted by the CEO Changpeng Zhao, Binance is exploring all the options. However, It is not the first time that hackers have targeted Binance. Earlier on March 7, 2018, Binance had suspected an unsuccessful large scale organised security breach. Binance had then offered a $250K equivalent bounty to anyone who supplied information that would lead to the legal arrest of the hackers involved in the attempted hacking incident.
Since then, Binance claims to have added many security audits. However, learning from the past, hackers patiently waited and structured their transaction in a way that passed all the existing security checks. “It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” said Binance.
Since the inception of Bitcoin which many claim to be the safest and most secure currency in the world, exchange hacks and Bitcoin theft worth millions has become a common phenomenon.
The biggest hack happened to Japanese cryptocurrency exchange Mt Gox where 850K Bitcoin went missing, which had a deep impact on the cryptocurrency market. Another Japanese cryptocurrency exchange Coincheck lost 4K Bitcoin in January last year.
