cryptocurrency exchanges. As of Tuesday, it’s now also the scene of a major cryptocurrency theft. In what the company calls a “large-scale security breach,” hackers stole not only 7,000 bitcoin—equivalent to over $40 million—but also some user two-factor authentication codes and API tokens.
Theft has long been endemic to cryptocurrency; hackers stole more than $356 million from exchanges and infrastructure in the first three months of 2019 alone, according to a recent report from blockchain intelligence company Ciphertrace. But it’s less common to see an established exchange like Binance get hacked—and for the attackers to get so much other information along the way.
Binance has been fairly forthcoming about the hack, detailing its impact in a blog post from Binance CEO Zhao Changpeng. “The hackers used a variety of techniques, including phishing, viruses and other attacks,” wrote Zhao. “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.”
It appears that hackers were able to compromise several high-net-worth accounts, whose bitcoin was kept in Binance’s so-called hot wallet—which, unlike cold wallets, are connected to the internet—and filch those funds in a single transaction.
Zhao says the company will conduct a security review of all its systems and data, which he expects to take about a week. In a surprising move, Binance will continue to allow trading during that time—even though hackers may still control some high-net-worth accounts—though it will disable deposits and withdrawals until it’s sure the hackers are accounted for.
“Binance knows that they lost user credentials, that their users’ 2FA got compromised, they do not know the exact extent of the attac
Be the first to write a comment.