The thieves bided their time before running off with more than 7,000 Bitcoin
‘in one fell swoop’
By Tomáš Foltýn
Binance, one of the world’s largest
cryptocurrency exchanges, has revealed that it’s fallen victim to a major
security breach in which hackers made off with some US$41 million worth of
Bitcoin.
Several methods, including phishing attacks
and malware deployment, were leveraged for the robbery, which was discovered on
Tuesday. According to a notice by Changpeng Zhao, the founder and
CEO of the exchange, the ne’er-do-wells got ahold of a large number of user API
keys and two-factor authentication codes before capping their campaign with the
theft of 7,074 Bitcoin from the company’s Bitcoin hot wallet via a single transaction.
“The hackers had the patience to wait and
execute well-orchestrated actions through multiple seemingly independent
accounts at the most opportune time. The transaction is structured in a way
that passed our existing security checks,” said Zhao.
He noted that still more user accounts may
have been accessed by hackers, as there may be “additional affected accounts
that have not been identified yet”.
“It was unfortunate that we were not able to
block this withdrawal before it was executed. Once executed, the withdrawal
triggered various alarms in our system. We stopped all withdrawals immediately
after that,” he added.
The hot wallet, which is connected to the
internet and used to carry out transactions, stored roughly two percent of the
company’s Bitcoin holdings. All other wallets are “secure and unharmed”, said
Zhao.
All deposits and withdrawals are still
suspended, and will remain so until a thorough security review of the
exchange’s systems and data is completed. The review is expected to take a
week.
Binance has pledged to cover user losses from
the Secure Asset Fund for Users (SAFU), which is its emergency insurance fund.
Cryptocurrency exchanges have long been among
the favorite targets for digital thieves. Bithumb, another major cryptocurrency
platform, lost nearly US$20 million just weeks ago in what was said
to be the work of rogue insiders.