Binance Gets Hacked: 7000 Bitcoin Taken From Its BTC Hot Wallet in One Transaction

At 23:40 UTC on Tuesday (May 7), digital asset exchange Binance announced that it had suffered a major security breach—discovered at 17:15 UTC that day—as a result of which it lost 7000 BTC.

The first sign of trouble came at around 19:06 UTC on Tuesday when Changpeng Zhao (aka "CZ"), co-founder and CEO at Binance, sent out a tweet to announce "some unscheduled server maintenance":

Then, approximately, four and a half hours later, Binance sent out this tweet to explain why despots/withdrawals had been disabled:

Here are the facts and their implications according to Binance's announcement:

  • Binance detects "a large scale security breach" at 17:15:24  UTC on May 7.
  • The hackers had used various techniques ("phishing, viruses and other attacks") to obtain "a large number of user API keys, 2FA codes, and potentially other info;" Binance is continuing its investigation.
  • During this attack, only Binance's BTC hot wallet (which contained 2% of Binance's entire BTC holdings) was affected, and the stolen 7000 BTC (worth over $40 million) was withdrawn in a single Bitcoin transaction.
  • The hackers used multiple ("seemingly independent") compromised user accounts to perform the attack; Binance's security checks, sadly, did not detect what was going on, and alarms only got triggered once the withdrawal had been executed, at which point all withdrawals were disabled.
  • Binance will use its Secure Asset Fund for Users (SAFU), which was announced on 3 July 2018, to make sure that its users do not suffer any financial loss.
  • Binance has started a "security review" that is expected to take around one week. During this period, no deposits or withdrawals are possible, but trading is allowed to continue.

Here is a screenshot from Blockchain.com's blockchain explorer tool that shows the "7000 BTC transaction":

Binance Hack - 7000 BTC Transaction Screenshot.png

In case you are wondering how these funds were stolen in a single transaction, as Dovey Wan, a founding partner at crypto-focused investment firm Primitive Ventures explained on Twitter, "BTC block confirmation is slow so hacker finished all requests via API call and confirmed in 1 BTC transaction."

In a Periscope session that was scheduled for 03:00 UTC on Wednesday (May 8), CZ asked all Binance users to reset their Two-Factor Authentication (2FA) credentials since Binance doesn't know how many users affected. Also, he warned all API users to recreate their API keys.

Even more importantly, CZ mentioned that Binance is considering a "rollback" (reorganizing the Bitcoin blockchain) to recover the stolen funds, but did not like this idea because because it might "destroy credibility for Bitcoin."

The news has naturally affected the crypto markets, with almost all cryptoasets currently in the red.

According to CryptoCompare, at press time, BTC is trading at $5,844.34, down 2.26% in the past 24-hour period:

BTC - 24 Hour CC CHart - 8 May 2019.png

Binance Coin (BNB) has been harder hit:

BNB - 24 Hour CC Chart - 8 May 2019.png

These are a few reactions from the crypto community on Twitter:

  • Su Zhu (CEO and CIO at Three Arrows Capital): "Sometimes when I step back and think, am amazed by how crypto industry news has become mainstream and white glove finance news. Binance hack has made it to Bloomberg terminal front page, featuring along-side reportings on central bank activities."
  • Arianna Simpson (Founder & Managing Director at ASP): "Welllllll on the upside I guess the Binance hack is good marketing for their DEX initiative?"
  • Alex Krüger (Economist, Trader, and Analyst): "In a bear market this would have easily have caused a deluge. Either way, good excuse for bulls to take cover, bears to charge."
  • Justin Sun (Founder and CEO of TRON Foundation): "To support @binance , I will personally deposit 7000 BTC worth USDT (40 million USDT) into @binance to buy $BNB, $BTC , $TRX & $BTT if @cz_binance agrees. No need to #FUD! Funds are #SAFU! "
  • Gabor Gurbacs (digital asset strategist/director at VanEck/MVIS): "Good for @justinsuntron , @Tronfoundation and the exchange world to offer help to @binance and @cz_binance in times of need. That’s the spirit. Even if they don’t need help, we shall stand together during hard times. "
  • Twitter user @theonevortex: "Even if a friendly blockchain reorg was possible to specifically target the stolen funds it would absolutely set a terrible precedent in #bitcoin. The perception of immutability and digital gold would be lost entirely."
  • Katherine Wu (former director at Messari): "Update: hours after breach event @cz_binance is personally taking questions from twitter in live video. This level of transparency and response is absolutely commendable."

2019 is the year we may see the highest volume of security breaches. For many, now is the time to take decisive action after the Binance hack.

Featured Image Credit: Photo via Pixabay.com

John McAfee Calls People Who Fell for His $1 Million Price 'Prediction' for Bitcoin 'Idiots'

Francisco Memoria

Eccentric cybersecurity entrepreneur John McAfee has commented his $1 million bitcoin price prediction made in 2017 on social media, mocking the “idiots” that did not see the “absurd humor” in it.

In a series of tweets, McAfee reminded his followers he was the person who prediction Bitcoin, the “most crippled crypto-tech” would reach $1 million by the end of this year, and added he posted his prediction on the same day he predicted a whale-loving sport would replace surfing as the number one water sport.

While McAfee does mention the supposed sport often on his social media accounts – and has been doing so at least since 2016, he doesn’t appear to have mentioned it the same day he made the price prediction. Nevertheless, he responded to a user asking if he did not see “the absurd humor” in the $1 million bitcoin pride prediction.

He added:

Put a different way: If Bitcoin ever hit $1 mil, it's market cap would be greater than the GDP of the entire North American Continent. What idiot could believe such nonsense?

McAfee had already U-turned on his price prediction earlier this year, when he claimed it was a “ruse to onboard new users” that worked. At the time, he said Bitcoin was “ancient technology” and compared it to Ford’s Model T, questioning whether it could have been the future of cars.

In April, McAfee responded to a user on Twitter by claiming bitcoin is “worthless,” despite making his price prediction back in 2017.  McAfee has since then been criticized for making various price predictions he got wrong – including for altcoins – while some have defended the value of BTC on his feed.

According to The Verge, in 2018 McAfee revealed he charged $105,000 for a promotional cryptocurrency tweet. His promotional crypto tweets started after he unexpectedly helped the price of Verge (XVG) surge with a tweet.

Featured image via Unsplash.