Not Even Binance Is Safe: 7000 BTC Hack Highlights Risk of Exchange Wallets
Report after report describes hackers stealing billions from exchanges, yet users still opt for convenience over security. Maybe now that powerhouse Binance has become the latest target of a 7000 BTC hack, users will finally wake up. Get a cold storage wallet for your private keys!
7000 BTC Hack in Just One Transaction
According to an update posted late yesterday on the Binance helpdesk, the exchange became aware of “a large security breach.” Hackers obtained 2FA codes, API keys, and (rather ominously) “potentially other info.”
How is it possible that the best-known cryptocurrency exchange globally with some of the top talent in the world could be hacked? This latest breach serves to highlight that no exchange is exempt from hacking. Users need to wake up and take the time to store their private keys correctly in cold wallets.
According to the post, the hackers used phishing, viruses, and various other forms of attack that the company is still exploring. Thus far, the movements have been limited to one wallet. That’s to say, the thieves pulled off the 7000 BTC hack in just one transaction.
However, Binance warns that:
There may also be additional affected accounts that have not been identified yet.
Despite that warning, the exchange insists that the hack only affected its hot wallet account, which holds around two percent of all of Binance’s bitcoin. They go on to say that:
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks…. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.
Withdrawals and Deposits Suspended on Binance for One Week
The company will now conduct a full security audit in order to find out what went wrong as quickly as possible.
While Binance users will be able to continue trading, in order to adjust their positions if needed, all deposits and withdrawals will be suspended during this time. Sorry, folks, you ain’t getting any money in or out of Binance for at least a week. The company pleaded:
We beg for your understanding in this difficult situation.
Visibly exhausted, Changpeng Zhao (CZ) held a live AMA shortly afterward on Twitter to answer questions about the hack.
— Binance (@binance) May 8, 2019
While users were naturally alarmed, the AMA seemed to turn more into a round of questions about Binance Chain and when it will go open source.
Binance to Use Secure Asset Fund for Users (SAFU Fund) to Cover Costs
Fortunately, because Binance is one of the world’s largest and most profitable cryptocurrency exchanges, users whose funds were involved in the hack need not worry. All the costs will be covered by Binance’s Secure Asset Fund for Users (SAFU Fund).
CZ later tweeted:
cons: 4 While it is a very expensive lesson for us, it is nevertheless a lesson. It was our responsibility to safeguard user funds.
We should own up to it. We will learn and improve.
As always, thank you for your support!
— CZ Binance (@cz_binance) May 8, 2019
Binance considered other ways of taking “revenge” on the hackers, including the re-org approach. This would mean moving the funds to miners instead.
While this may serve to deter future hackers, the Binance CEO maintains that it might also damage the credibility of Bitcoin and even split the community down the middle. He said:
Both of these damages seem to outweigh $40m revenge
Clearly wanting to put the unfortunate incident behind him, CZ closed by saying:
To put this to bed, it’s not possible, bitcoin ledger is the most immutable ledger on the planet. Done.