has endured a “large scale” cyber attack which resulted in the theft of 7000 Bitcoins worth around $40.8 million from the platform.
Binance publically reported the security breach on Tuesday and explained that the hackers somehow obtained “a large number of user API keys, 2FA codes, and potentially other info” to carry out the attack.
“The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” the exchage noted.
The exchange ensured that funds stored in its hot wallets were only compromised, which consists of around 2 percent of the exchange’s total holdings.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” Binance explained.
Too many coincidences?
The report of the breach followed hours after an unscheduled server maintenance by the exchange. While communicating about the maintenance activity, Changpeng “CZ” Zhao, founder and CEO of Binance, specifically mentioned that all “funds are safu” which now created a stir in the community.
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are .
— CZ Binance (@cz_binance)
This also overlapped with a scheduled ask-me-anything (AMA) session by Zhao, which he did not cancel due to the sudden crisis.
Answering to a question related to this recent breach, Zhao hinted that the exchange is considering to roll back the transaction data related to the theft of Bitcoins.
“To be honest, we can actually do this probably within the next a few days. But there’re concerns that if we do a rollback on the Bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin,” Zhao stated.
This, however, was not welcomed by a major section of the Bitcoin community as many are taking social media platforms to show their decent.
Dear please stop considering an attack on the bitcoin blockchain to fix your mistakes. We don’t do rolbacks here. Perhaps consider adding an option to your platform for users to designate their funds for 100% cold storage with manual withdrawal review.
— WidespreadBTC (@WidespreadBTC)
“The team is still deciding that, and we are running through the numbers and checking everything,” he added. “It’s interesting that it’s a tech solution [suggested] to us by the community, including some of the core members of the bitcoin development team. We will consider that very, very carefully, with the feedback we are receiving.”
Compensating the victims
Binance was quick enough to ensure that it will fully compensate all the victims from its Secure Asset Fund for Users (SAFU).
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the fund, there is enough. We are hurt, but not broke.
We are working hard to resolve the issue, so that everyone can deposit and withdrawal again. Will take some time.
— CZ Binance (@cz_binance)
In addition, other crypto exchanges are also diving in to support the affected exchage by blacklisting the addresses to which the stolen funds were transferred as we have seen in the past that hackers immediately head to the fiat-based exchanges to cash out the digital currencies.
Also thanks to and many other exchanges (again, can’t list everyone) pledging to block deposits from those addresses. Much appreciated!
Also much appreciate the “unitedness” of our industry to fight hackers and fraud.
— CZ Binance (@cz_binance)
Though exchanges like and were attacked earlier this year, Binance’s breach is the largest crypto heist in 2019. Moreover, Binance, being one of the largest digital asset exchange on the globe, also raised questions on the security measures taken by the crypto exchanges.
Be First to Comment