Leading cryptocurrency exchange, Binance confirmed in an update that it has witnessed its first large scale security breach, with hackers able to withdraw 7000BTC ($40.4 million) in a single transaction. The confirmation followed a period of hours during which the exchange paused withdrawals citing "unscheduled server maintenance".
Details of Binance Hack Incident
- Hackers got through the exchange by using methods such as phishing and viruses to collect a large number of user API keys, 2FA codes, and potentially other info.
- With the stolen user information, they executed "well-orchestrated actions through multiple seemingly independent accounts" at a period Binance described as the most opportune time.
- However, the size of the transaction triggered alarms for a security check, prompting Binance to pause all withdrawals from its platform.
- It was already too late, as the exchange noted that by then , the hackers had moved 7000BTC from it's hot wallet.
- Binance said all of it's other wallets are safe with affected user accounts now under control and investigation into other affected users still ongoing.
- The stolen funds ($40.4 million) will be replaced from the exchange's SAFU Fund, which represents a self-insurance strategy fund where Binance reportedly keeps 10% of its daily trading fees.
Meanwhile, the Binance security breach is the third major hack incident on cryptocurrency exchanges this year. Stmarket.co reported a similar development at peer-to-peer exchange, LocalBitcoins with the other incident involving New-Zealand based, Cryptopia.