Binance, one of the world’s biggest cryptocurrency exchanges by trading volume, says that it has suffered a security breach that saw hackers steal more than $40 million worth of Bitcoin.
A statement issued by the company says that it discovered the “large scale security breach” yesterday, and has determined that hackers were able to steal a large number of user API keys, 2FA codes, and potentially other information.
In one single transaction the hackers were able to withdraw 7000 Bitcoins (worth, at current exchange rates, approximated US $40.6 million) from Binance’s hot wallet – approximately 2% of the company’s total Bitcoin holdings.
In the statement the cryptocurrency exchange reassures customers that all of its other wallets “are secure and unharmed”, and that its Secure Asset Fund for Users (SAFU), stored in a separate cold wallet for just such emergencies, will cover any losses.
Binance says it is now investigating the security breach, and will review the defences it has in place to see what can be improved.
According to the company’s statement, the hackers used a “variety of techniques, including phishing, viruses and other attacks”.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
The implication appears to be that the hackers could have stolen much more money had the exchange’s alarm bells not sounded.
While its investigation continues, Binance has suspended all deposits and withdrawals – although trading remains open.
Cryptocurrency forensics firm CipherTrust reported earlier this year that a staggering US $950 million worth of cryptocurrency was stolen by hackers from exchanges during 2018 – 3.6 times more than in the previous year.
Binance is no stranger to being the target of hacker attacks. Last year it offered a $250,000 reward for information that led to the arrest of hackers who attacked its platform.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: https://hotforsecurity.bitdefender.com/blog/40-million-worth-of-bitcoin-stolen-from-binance-cryptocurrency-exchange-21139.html