The world’s largest cryptocurrency exchange in terms of trade volume, Binance, has been hacked, with more than $40 million being stolen from the firm’s hot wallets.
Binance issued an update at 12am (UTC). The exchange claims that “hackers were able to withdraw 7,000 BTC ($40.5 million) in one transaction”, although only 2% of the company’s total BTC holdings were being held in hot wallets.
The update also stated: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
You may have seen the term "SAFU fund" come up a few times today.
"SAFU", the Secure Asset Fund for Users is an emergency insurance fund.
— Binance (@binance) May 8, 2019
As part of an ongoing security investigation, Binance has halted all deposits and withdrawals, with estimates suggesting that they will remain offline for one week.
Binance CEO Changpeng ‘CZ’ Zhao provided further clarification via an ‘Ask Me Anything’ (AMA) on Twitter.
“It’s been a rough day,” CZ admitted. “It’s a very advanced, persistent hacking effort. They used both external and internal methods to phish a lot of user accounts. The hackers are very patient. They waited to get a lot of high-net-worth accounts. It’s unfortunate and our security measures were not able to stop that withdrawal. We had the SAFU fund set up before, so we will use that to cover it.”
— CZ Binance (@cz_binance) May 8, 2019
There was speculation over whether Binance would pursue a re-org approach, which would see transactions roll back. However, after consulting with Bitcoin core decision makers, CZ decided against this approach.
Disclaimer: The views and opinions expressed by the author should not be considered as financial advice. We do not give advice on financial products.