Hackers Have Stolen from Binance
This time, the victim is Binance, headed by Changpeng Zhao. It appears several hackers went into Binance early Tuesday morning and stole as many as 7,000 bitcoin units.
The company has released a statement, explaining:
Hackers were able to obtain several user API keys, 2FA codes and potentially other information. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet. The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. We were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.
The company claims that no user funds were affected from the hack. Rather, it was the company’s own stash that was stolen from, and the losses account for roughly two percent of Binance’s overall reserves. The company also says it has enough money to cover the losses, and they are advising everyone to reset their two-factor authentication statuses just to be safe.
We do have the funds to cover that $40 million, so we are completely OK on the funding side. It does hurt very much, but we are able to cover that. We do not need funding help. We have been working with other exchanges to block deposits from hacked addresses… While it is a very expensive lesson for us, it is nevertheless a lesson. It was our responsibility to safeguard user funds. We should own up to it. We will learn and improve.
Over the next few weeks, Binance plans to conduct a security review of its systems to see what may have led to the hack and what vulnerabilities, if any, remain. At press time, bitcoin is trading for over $5,800 and doesn’t appear to have been affected by the hack.
No More Deposits or Withdrawals for a While
The company concluded its statement with:
Deposits and withdrawals will need to remain suspended during this period. We beg for your understanding in this difficult situation. We will continue to enable trading, so that you may adjust your positions if you wish. Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely, but we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.