Hackers stole more than 7,000 bitcoin from crypto exchange Binance, the world’s largest by volume, the startup reported Tuesday.
Binance announced that a “large scale security breach” was discovered earlier on May 7, finding that malicious actors were able to access user API keys, two-factor authentication codes and “potentially other info,” the exchange’s CEO, Changpeng Zhao, said in a letter. As a result, they were able to withdraw roughly $41 million in bitcoin from the exchange, according to a transaction published in the security notice.
The disclosure comes hours after Zhao tweeted that the exchange was undertaking “some unscheduled server maintenance,” writing that “funds are #safu.” After the disclosure announcement, Zhao tweeted that the exchange would “provide a more detailed update shortly.”
The exchange may not yet have identified all impacted accounts, he said. And according to Binance’s statement, the breach only impacted Binance’s hot wallet, which contains roughly 2 percent of the exchange’s total bitcoin holdings.
“All of our other wallets are secure and unharmed,” he said, adding:
“The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
The withdrawal triggered internal alarms after it was executed, and Zhao said the exchange froze withdrawals following the discovery. While deposits and withdrawals will remain suspended for the next week, trading will be re-enabled, though he cautioned that “the hackers may still control certain user accounts.”
Binance will conduct “a thorough security review” encompassing its systems and data during the next week.
The exchange will use its Secure Asset Fund for Users (SAFU fund) to cover the loss, which won’t impact users, according to the notice.
The fund consists of 10 percent of all trading fees absorbed by the exchange, and was initially launched to protect Binance’s users “in extreme cases,” according to a previous notice. It is stored in its own cold wallet.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support,” Zhao said Tuesday.
He concluded the note by saying he would participate in a previously scheduled Twitter “ask-me-anything.”
Prices have so far responded with bitcoin, the world’s premier cryptocurrency, dropping $290 alongside most other cryptocurrencies, which are down between 1-10 percent at press time.
Litecoin and ether both experienced between 4-6 percent losses while bitcoin managed to resume in the green, thanks largely to its bullish rally yesterday that saw prices reach as high as $5,972 on the Coinbase exchange.
Binance’s native crypto, Binance Coin (BNB), is also down 8.05 percent and unable to escape the controversy from today’s news.
BNB’s price is continuing to search for a bottom after it broke from a range it had held for 18 days between $22 and $25.40, with a new all-time high at $26.44 on May 3.
Sebastian Sinclair contributed reporting.
CZ image courtesy Binance