Binance Gets Hacked: 7000 Bitcoin Taken From Its BTC Hot Wallet in One Transaction

At 23:40 UTC on Tuesday (May 7), digital asset exchange Binance announced that it had suffered a major security breach—discovered at 17:15 UTC that day—as a result of which it lost 7000 BTC.

The first sign of trouble came at around 19:06 UTC on Tuesday when Changpeng Zhao (aka "CZ"), co-founder and CEO at Binance, sent out a tweet to announce "some unscheduled server maintenance":

Then, approximately, four and a half hours later, Binance sent out this tweet to explain why despots/withdrawals had been disabled:

Here are the facts and their implications according to Binance's announcement:

  • Binance detects "a large scale security breach" at 17:15:24  UTC on May 7.
  • The hackers had used various techniques ("phishing, viruses and other attacks") to obtain "a large number of user API keys, 2FA codes, and potentially other info;" Binance is continuing its investigation.
  • During this attack, only Binance's BTC hot wallet (which contained 2% of Binance's entire BTC holdings) was affected, and the stolen 7000 BTC (worth over $40 million) was withdrawn in a single Bitcoin transaction.
  • The hackers used multiple ("seemingly independent") compromised user accounts to perform the attack; Binance's security checks, sadly, did not detect what was going on, and alarms only got triggered once the withdrawal had been executed, at which point all withdrawals were disabled.
  • Binance will use its Secure Asset Fund for Users (SAFU), which was announced on 3 July 2018, to make sure that its users do not suffer any financial loss.
  • Binance has started a "security review" that is expected to take around one week. During this period, no deposits or withdrawals are possible, but trading is allowed to continue.

Here is a screenshot from Blockchain.com's blockchain explorer tool that shows the "7000 BTC transaction":

Binance Hack - 7000 BTC Transaction Screenshot.png

In case you are wondering how these funds were stolen in a single transaction, as Dovey Wan, a founding partner at crypto-focused investment firm Primitive Ventures explained on Twitter, "BTC block confirmation is slow so hacker finished all requests via API call and confirmed in 1 BTC transaction."

In a Periscope session that was scheduled for 03:00 UTC on Wednesday (May 8), CZ asked all Binance users to reset their Two-Factor Authentication (2FA) credentials since Binance doesn't know how many users affected. Also, he warned all API users to recreate their API keys.

Even more importantly, CZ mentioned that Binance is considering a "rollback" (reorganizing the Bitcoin blockchain) to recover the stolen funds, but did not like this idea because because it might "destroy credibility for Bitcoin."

The news has naturally affected the crypto markets, with almost all cryptoasets currently in the red.

According to CryptoCompare, at press time, BTC is trading at $5,844.34, down 2.26% in the past 24-hour period:

BTC - 24 Hour CC CHart - 8 May 2019.png

Binance Coin (BNB) has been harder hit:

BNB - 24 Hour CC Chart - 8 May 2019.png

These are a few reactions from the crypto community on Twitter:

  • Su Zhu (CEO and CIO at Three Arrows Capital): "Sometimes when I step back and think, am amazed by how crypto industry news has become mainstream and white glove finance news. Binance hack has made it to Bloomberg terminal front page, featuring along-side reportings on central bank activities."
  • Arianna Simpson (Founder & Managing Director at ASP): "Welllllll on the upside I guess the Binance hack is good marketing for their DEX initiative?"
  • Alex Krüger (Economist, Trader, and Analyst): "In a bear market this would have easily have caused a deluge. Either way, good excuse for bulls to take cover, bears to charge."
  • Justin Sun (Founder and CEO of TRON Foundation): "To support @binance , I will personally deposit 7000 BTC worth USDT (40 million USDT) into @binance to buy $BNB, $BTC , $TRX & $BTT if @cz_binance agrees. No need to #FUD! Funds are #SAFU! "
  • Gabor Gurbacs (digital asset strategist/director at VanEck/MVIS): "Good for @justinsuntron , @Tronfoundation and the exchange world to offer help to @binance and @cz_binance in times of need. That’s the spirit. Even if they don’t need help, we shall stand together during hard times. "
  • Twitter user @theonevortex: "Even if a friendly blockchain reorg was possible to specifically target the stolen funds it would absolutely set a terrible precedent in #bitcoin. The perception of immutability and digital gold would be lost entirely."
  • Katherine Wu (former director at Messari): "Update: hours after breach event @cz_binance is personally taking questions from twitter in live video. This level of transparency and response is absolutely commendable."

2019 is the year we may see the highest volume of security breaches. For many, now is the time to take decisive action after the Binance hack.

Featured Image Credit: Photo via Pixabay.com