Leading cryptocurrency exchange Binance suffered a major hack on Tuesday, May 07, in which it lost 7000 BTC, worth around $40 million, to hackers.
Providing the details on the security breach, Binance said that hackers were able to access a large number of user API keys, 2FA codes, and potentially other info, using various techniques, including phishing, viruses and other attacks.
Importantly, the hackers stole 7000 BTC in one transaction, Binance said, adding that it affected only its BTC hot wallet, which contained about 2% of its total BTC holdings.
“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” Binance said.
The exchange assured its users that their funds would not be affected by this incident and said that it would use the Secure Asset Fund for Users (SAFU fund) to fully cover the losses.
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the #SAFU fund, there is enough. We are hurt, but not broke.
— CZ Binance (@cz_binance) May 8, 2019
We are working hard to resolve the issue, so that everyone can deposit and withdraw again. Will take some time. https://t.co/0j4J0fk99W
Binance has suspended deposits and withdrawals and will conduct a thorough security review of all parts of its systems and data.
Following the incident, Binance founder and CEO Changpeng Zhao hosted an Ask-Me-Anything live session and said that they were considering whether to push for a rollback on the bitcoin network, CoinDesk reported.
“To be honest, we can actually do this probably within the next few days. But there’re concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin.”
However, in a series of tweets, Zhao said that they had decided against the re-org:
After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach. Considerations being:
— CZ Binance (@cz_binance) May 8, 2019
pros: 1 we could "revenge" the hackers by "moving" the fees to miners; 2 deter future hacking attempts in the process. 3. explore the possibility of how bitcoin network would deal with situations like these.
— CZ Binance (@cz_binance) May 8, 2019
cons: 1 we may damage credibility of BTC, 2 we may cause a split in both the bitcoin network and community. Both of these damages seem to outweigh $40m revenge. 3 the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before.
— CZ Binance (@cz_binance) May 8, 2019
cons: 4 While it is a very expensive lesson for us, it is nevertheless a lesson. It was our responsibility to safeguard user funds.
— CZ Binance (@cz_binance) May 8, 2019
We should own up to it. We will learn and improve.
As always, thank you for your support!
Following the hack, BTC/USD dropped by nearly $300, after it hit a high of $5974 (Coinbase) on May 07. The pair closed at $5748 on Tuesday and is trading at $5838 at the time of writing.