Binance Hacked, Suspends all Withdrawals After 7,074 BTC Leaves Hot Wallet
Popular exchange Binance has suspended withdrawals after losing 7,074 BTC ($41.7 million USD) via a fraudulent transaction. According to a statement, hackers “were able to obtain a large number of user API keys” using a variety of methods including phishing, viruses and other attacks. It plans to cover any user losses from its emergency insurance fund, called SAFU.
Subscribe to the Bitsonline YouTube channel for great videos featuring industry insiders & experts
Deposits and Withdrawals to Stop for a Week
Binance has suspended all deposits and withdrawals as it investigates the situation, and estimated this will take a week. It also promised to provide regular updates.
The BTC price fell by up to $200 (at press time) as news of the incident spread. Some users noted that bitcoin bull runs, such as the one that saw BTC reach almost $6,000 this week, after often stopped in their tracks by major exchange hacks.
Binance said it had not yet uncovered the full extent of the loss, and other accounts may be affected. The missing 7,074 BTC (from a single transaction) is the only known theft so far, which the company said came from its hot wallet and contained 2 percent of its total BTC holdings.
The statement described briefly how the hackers were able to take the funds:
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
The situation first came to light after CEO Changpeng Zhao (“CZ”) reported “unscheduled server maintenance” would affect movements of funds in and out of the exchange:
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ Binance (@cz_binance) May 7, 2019
Binance said trading on the platform will continue as normal during its investigation. Suspending withdrawals will permit staff to investigate the issue more thoroughly, but also added “we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets”.
Binance Added Account Insurance Fund in 2018
Since launching in mid-2017 just as bitcoin and cryptocoins in general began their biggest bull run in history, Binance has become one of the world’s most popular digital asset trading platforms. It launched with a mission to list as many tokens as possible, capitalizing on 2017’s ICO craze.
Its availability in multiple markets and user-friendly interface drew large numbers of users. Today’s breach is its most serious security crisis so far, but the company hedged against such an occurence in July 2017 when it launched the “Secure Asset Fund for Users (SAFU)”. SAFU directed 10 percent of all trading fees into a special insurance fund to cover potential losses in the event of a theft or hack — a move that now appears to be a wise one.
Are you a Binance user? Do you feel as though your account on the platform is secure? Tell us what you think in the comments.
Images via Pixabay