Binance one of the world’s largest crypto exchanges suffered a large scale security breach late today, according to a statement from their official blog. Hackers managed to obtain API keys, two-factor-authentication codes and other information. In addition, 7,000 Bitcoin ($40 million) were withdrawn in a single transaction.
The hackers obtained 2FA codes, API keys, and potentially other info. Binance wrote in a statement that they were aware the hackers involved “used a variety of techniques, including phishing, viruses and other attacks,” though the company was “still concluding all possible methods used” and there may be “additional affected accounts that have not been identified yet.”
We urge users to change their password, revoke the API keys including 2FA keys to avoid future attack on the account.
According to the post, the hackers used phishing, viruses, and various other forms of attacks that the company is still exploring. Thus far, the movements have been limited to one wallet. That’s to say, the thieves pulled off the 7000 BTC hack in just one transaction.
The exchange insists that the hack only affected its hot wallet account. This holds around two percent of all of Binance’s bitcoin. They go on to say that:
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks…. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.
The company will now conduct a full security audit in order to find out what went wrong as quickly as possible. While Binance users will be able to continue trading, in order to adjust their positions if needed, all deposits and withdrawals will be suspended during this time. Sorry, folks, you ain’t getting any money in or out of Binance for at least a week.
Fortunately, as one of the world’s most profitable and largest cryptocurrency exchanges, users whose funds were involved in the hack need not worry. All the costs will be covered by Binance’s Secure Asset Fund for Users (SAFU Fund).
How is it possible that the best-known cryptocurrency exchange globally with some of the top talent in the world could be hacked? This latest breach serves to highlight that no exchange is exempt from hacking. Users need to wake up and take the time to store their private keys correctly in cold wallets. Maybe now that powerhouse Binance has become the latest target of a 7000 BTC hack, users will finally wake up. Get a cold storage wallet for your private keys!