Europe-based cryptocurrency exchange Binance has confirmed a “large scale” data breach. Hackers stole more than ₹280 crores ($40 million) worth of crypto assets, the company said in a statement to TechCrunch. API Keys, two-factor codes and other information was compromised in the attack.
More than 7,000 bitcoins were transferred to a single wallet after the hackers stole the contents from the company’s bitcoin hot wallet. Binance is the world’s largest cryptocurrency exchange by volume. The theft had impacted as much as 2% of Binance’s total bitcoin holdings. The company confirmed that all other wallets are secure and unharmed.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said.
The crypto-exchange startup said that its secure asset fund for users (SAFU) will cover user losses. The company has suspended all deposits and withdrawals until the investigation is complete. However, trading will remain open. Changpeng Zhao, the chief executive of the firm will start a Twitter AMA session in upcoming hours.
In response to questions about potentially issuing a rollback, Zhao said “to be honest we can do that probably within the next few days but there are concerns that if we were to do a rollback on the bitcoin network on that scale, it may have some negative consequences in terms of destroying credibility for bitcoin, so our team is still deciding on that and running through the numbers and checking everything. We will try to maintain very high transparency.”
Mr. Zhao provided more details and said that the hack was advanced and executed very patiently. The hackers waited until they had a number of high net worth accounts. Binance is set to cover the bitcoin loss without any exterior help. However, the company is yet to find out how many users were actually affected.
Binance is in talks with other exchanges to block the deposits from hacked addresses. In less than a week, Binance will resume withdrawals and accept deposits. The company wants to completely eradicate any trace of hackers in their accounts. Zhao has encouraged everyone to change their API keys and two-factor authentication.