- Toshendra Kumar Sharma
- May 10, 2019
Binance, the world’s largest cryptocurrency exchange, has fallen prey to a massive hack attack. Fund withdrawals were frozen by Binance after the internal security system spotted a suspicious transaction following its execution. As mentioned by the company in the press announcement, “The hackers used a variety of techniques, including phishing, viruses, and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.”
Changpeng Zhao, the CEO of Binance, officially admitted that Binance was undertaking unscheduled server maintenance before the security breach happened. The company will now be subjected to an internal investigation to find out the reasons for vulnerability. As mentioned in the news report, deposits and withdrawals remain suspended and trading functionality will soon be restored.
As confirmed by the company, this is a large-scale data breach in which $40 million worth of cryptocurrency has been stolen by hackers. Binance has mentioned that about 2 percent of its total Bitcoin holdings have been impacted by the theft. The other information which was stolen includes two-factor codes and API keys. The hackers have stolen 7000 BTC from Binance’s hot wallet in one transaction.
The statement issued by Zhao further stated, “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
While answering questions relating to issuing a rollback, Zhao stated:
“To be honest we can do that probably within the next few days but there are concerns that if we were to do a rollback on the bitcoin network on that scale, it may have some negative consequences in terms of destroying credibility for bitcoin, so our team is still deciding on that and running through the numbers and checking everything. We will try to maintain very high transparency.”
He also added that he got this idea from the Bitcoin community. He stated, “I actually did not know we could do that, but there are serious consequences for doing that, so we will take that very cautiously.”
Zhao mentioned that it will take another week for Binance to accept deposits and release withdrawals. He stated that it was necessary to “make sure we completely eradicate any trace of hackers in all our accounts and data and that is a pretty tedious process.”
Binance has issued a statement mentioning that user losses will be covered by its Secure Asset Fund for Users (SAFU). It has also mentioned that all its other wallets are secure and unharmed.
As per updates on Periscope, the live-streaming app, Zhao called the hackers as “very patient” and called it an advanced effort as the hackers waited until they had a number of high net worth accounts. He added that Binance will be able to recover from this without any assistance or help. The company is still not aware of the total number of affected users. Binance is now working with other exchanges to block deposits from hacked addresses. Zhao has asked everyone to change their API keys and two-factor authentication.