Binance, the world’s largest cryptocurrency exchange by volume, has confirmed that $40 million in cryptocurrency has been stolen by hackers. The company has released a statement describing how the theft included API keys, two-factor codes and other information.
The hackers stole the contents of the company hot wallet which contains more than 7,000 bitcoins. Binance estimates the theft was about 2 percent of its total bitcoin holdings.
Advanced hackers were patient
“The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” a statement from the company reads.
The company says they are now doing a thorough investigation that will take a week during which they will post updates.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement continued.
CEO takes a transparent approach
CEO of Binance, Changpeng Zhao did a ‘ask me anything’ on Twitter and Periscope where he gave more details on the attack saying it was a very advanced and well-executed effort. He assures customers that the company can recover the lost coins without help though they don't have exact details on how many accounts have been affected.
The company will hold all withdrawals or deposits until they have confidently secured the exchange. They are reportedly working with other exchanges to block deposits from hacked addresses.
User should take steps to secure their wallets
Binance urges its users to change their API keys and two-factor authentication.
In response to questions about potentially issuing a rollback, Zhao said “to be honest we can do that probably within the next few days but there are concerns that if we were to do a rollback on the bitcoin network on that scale, it may have some negative consequences in terms of destroying credibility for bitcoin, so our team is still deciding on that and running through the numbers and checking everything. We will try to maintain very high transparency.”
You may have seen the term "SAFU fund" come up a few times today.— Binance (@binance) May 8, 2019
"SAFU", the Secure Asset Fund for Users is an emergency insurance fund.
Learn more about the #SAFU fund on @BinanceAcademy https://t.co/2VtAbdOHL1
Since the AMA session, Zhao has confirmed the Binance won’t pursue a rollback. Since July last year, Binance started to allocate 10 percent of its trading fees every month to a company Secure Asset Fund for Users (SAFU fund), which can now be used to recover the millions lost. Zhao says that although the company is able to recover the losses “it does hurt very much.”