Crypto Exchange Binance Loses 7000 BTC Tokens Worth $40 Million In A Massive Hack
In a massive security breach on Tuesday, May 7, Binance, the world’s largest cryptocurrency exchange by trading volume, lost 7000 BTC tokens worth a total of $40 million USD to hackers.
In the official announcement, Binance founder Changpeng Zhao writes that the hackers employed several attacks, including phishing, viruses and other techniques. This way they were able to get their hands on “a large number of user API keys, 2FA codes, and potentially other info”.
The attack took place just hours after Changpeng Zhao announced unscheduled server maintenance on his Twitter account.
Binance has said that it is still identifying several user accounts on its platform which may have been compromised. Zhao stated that the hackers were able to siphon off 7000 BTC tokens in a single transaction from Binance’s hot wallets.
The hot wallets of the Binance exchange hold only 2% of its overall holdings, and Zhao assures that all other wallets are “secure and unharmed”. In the announcement, Zhao also disclosed the BTC address used by the hackers to receive all the stolen funds. As a result, Coinbase and other crypto exchanges have taken swift action to block this address from using their platforms.
Zhao wrote: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that”.
Over the next week, Binance will conduct a thorough review of its systems to identify all the possible loopholes which might have been exploited by the hackers. All deposits and withdrawals will remain suspended during this time.
Furthermore, the Binance founder has assured users that the $40 million loss will be covered from the exchange’s “Secure Asset Fund for Users (SAFU fund)”. The fund is made up of 10 percent of all the trading fees received by the exchange, which created it as a backup for such times of distress.
Zhao assures that the SAFU fund has enough money to cover all the losses. To reassure Binance customers about the safety of their funds, Zhao also conducted a 40-minute AMA (Ask Me Anything) session.
While answering questions, Zhao said that the company would also consider the option of rolling back the Bitcoin transactions after consulting other industry players. However, this would require getting 51 percent control of the Bitcoin network’s hashing power as well as consensus from different mining pools and major miners.
But Zhao seems to have dropped this plan owing to some “ethical and reputational considerations for the bitcoin network.” He added: “To be honest, we can actually do this probably within the next a few days. But there’re concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin.”