Major cryptocurrency exchange Binance reported that it lost 7,000 bitcoins, worth around $41 million, in hacking. Binance, the world’s largest crypto exchange by volume, said they discovered a large scale security breach on Tuesday.
Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. They used a variety of techniques, including phishing, viruses and other attacks.
Binance said the hackers were able to withdraw 7000 BTC in single transaction, and expressed doubt if there are additional affected accounts that have not been identified yet.
The hacking impacted only Binance’s BTC hot wallet, which contained about 2 percent of the exchnage’s total BTC holdings.
All the other wallets are secure and unharmed.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” Binance said in a notice, and noted that the transaction was structured in a way that passed its existing security checks.
The withdrawal triggered various alarms in the system once it was executed, and all withdrawals were immediately stopped.
Binance promised to use the Secure Asset Fund for Users (SAFU) fund to cover the losses in full, and assured that no user funds will be affected.
A thorough security review also has been announced, which is estimated to take about one week. Deposits and withdrawals will remain suspended during this period.
The exchange’s CEO, Changpeng Zhao, warned investors that the hackers may still control certain user accounts and may use those to influence prices in the meantime.
The latest incident of hacking attack targeting major crypto exchanges had a negative impact on the market prices.
The multi-prong attack used phishing, viruses and other methods to breach the accounts, Binance said. Sensitive user data was also mined, officials said.
“The hackers had the patience to wait and execute well-orchestrated actions through the multiple seemingly independent accounts at the most opportune time,” Binance said in a statement. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.
Bnance said the withdrawal set off multiple alarms in the system.
“We stopped all withdrawals immediately after that,” it added.
Binance is planning a security review of systems and data and said it will give updates throughout the process.
“Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time,” the exchange said. “We beg for your understanding in this difficult situation.”
Trading will not be suspended, but Binance cautioned that the hackers could still control certain user accounts and may use those to influence prices.
“But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets,” Binance said.
Founded in 2017, Binance is a global platform that hosts trading for more than 100 cryptocurrencies. It’s the world’s largest cryptocurrency exchange, by trading volume.