Binance, one of the largest cryptocurrency exchanges by volume and one of the most trusted, has officially announced that it has been hacked. It’s reporting approximately $40 million in losses, totaling around 7,000 BTC, and is currently blocking both withdrawals and deposits while a full security review is being done on the servers.
Binance Will Cover Losses
According to Binance, despite the large loss, it will all be covered by the site itself through its “#SAFU fund.” Unlike sites where the funds are completely lost or there’s a haircut, or things like Bitfinex and their tokens that were bought back, this will ensure that users are made whole – and helps to minimize the damage of the hack. As for the 7,000 BTC that was taken, they’ve stated that this was their hot wallet balance, equaling approximately 2% of their holdings. That said, users are unable to withdraw at the current time.
Security Review: One Week
It’s been stated that a security review is being done on the site’s servers. CZ has stated the following on behalf of Binance:
“We estimate this will take about ONE WEEK. We will post updates frequently as we progress.
Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time. We beg for your understanding in this difficult situation.
We will continue to enable trading, so that you may adjust your positions if you wish.”
Note that this may not be the entire extent of the damage. It’s been stated that hackers can still control user accounts and may use them to influence prices of various cryptocurrencies while deposits and withdrawals are down, and Binance is monitoring accounts closely.
Cause of the Hack
They’ve stated that the hackers were able to “obtain a large number of user API keys, 2FA codes, and potentially other info.” This was done through a multitude of techniques, including phishing, viruses, and other attacks, though they are still trying to analyze to find all methods used. It’s also been stated that there are possibly other affected accounts that they have not identified yet. Through linking withdrawals from multiple accounts, Binance has stated that, “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
More is still developing on this story, and we will keep you updated as information comes to light! As of now, just know that losses do appear to be covered and no haircuts or other methods are currently being used to recoup funds from users themselves.