According to Binance’s recent update, the world’s largest exchange noticed a security breach yesterday, May 7th, at around 17:15:24. So far, the exchange has reported several details regarding the breach, including the theft of up to 7,000 BTC ($40 million), withdrawn in a single transaction. Additionally, Binance reports that hackers managed to obtain a large number of user API keys, 2FA codes, and possibly other information.
How did the attack happen?
While the details of the attack have yet to be released, and likely even determined, the exchange did reveal that the attack was extremely complex and professional. It claims that hackers used multiple techniques, such as phishing, viruses, and more, to gain access.
As mentioned, Binance is still trying to discover the exact method used in the security breach, and it remains possible that additional accounts were compromised and have not been identified yet. One thing the report noted is that the hackers were extremely patient, waiting for the right opportunity to strike.
“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” the official announcement reads.
Binance has long been known for its ability to avoid this type of attack and breach. However, the hackers were well-organized, and they used ‘multiple seemingly independent accounts at the most opportune time,’ as Binance puts it.
There was only one transaction, as mentioned before, and it supposedly impacted only Binance’s single hot wallet, which contained around 2% of the exchange’s BTC. All other wallets are safe at this time, particularly the cold wallets, where the majority of the funds are held. Meanwhile, the transaction that stole 7,000 BTC happened at just the right time to get past multiple security checks unobserved.
No withdrawals or deposits for a week, but trading continues
Binance also reported that it will cover the incident through the use of the #SAFU fund and that user funds will not be affected in any way. However, the exchange now has to go through a thorough security review. There has been a lot of activity within the Binance ecosystem recently, and even a single flaw could have made this possible. Combing through the entire ecosystem will take time, but Binance estimates that it should be done within a week.
“We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress,” the exchange said in a statement.
Unfortunately for its users, that means there will be no withdrawals or deposits during the review. The exchange apologizes for this and asks its customers to understand its position. However, trading will continue, so anyone who has already entered positions can adjust them as they wish.
Meanwhile, the exchange will post regular updates regarding its discoveries as the investigation progresses. The exchange’s users are also reminded that some user accounts might still be under the control of the hackers, who could use them to influence some prices. Binance plans to monitor the situation closely and seek out any irregular activities or behavior in order to prevent future incidents.
CZ talks about security breach and confirms margin trading rollout:
— CZ Binance (@cz_binance) May 8, 2019