Binance, one of the leading cryptocurrency exchange operator’s, reported earlier and revealed that it lost the sum of 7,000 BTC ($40 million) in a major security breach on May 7. In a statement published earlier today, the company disclosed that the hackers were able to get users API keys, 2FA codes and possibly other not yet identified information using various techniques including phishing, and viruses. Although the hack affected just one transaction, the hackers were able to withdraw 7000 BTC from the BTC hot wallet, which Binance says had only 2 percent of their entire BTC holdings. According to Binance, all other wallets were not affected in the hack and remain secure.
The hack may prompt Binance to push more users to Binance DEX, its recently launched decentralized exchange. The DEX, which was planned for launch ever since the company whitepaper, provides non-custodial and extra security for concerned users, yet the assets supported are still limited.
Temporary Restrictions
In the meantime, although trading remains active, all deposits and withdrawals have been paused to allow the exchange to carry out a comprehensive security review which is estimated to last up to a Week. Binance CEO Zhao that users should be wary as hackers may still be in control of some accounts and may attempt to influence pricing. In his words: “Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”
Binance Largely Unaffected
According to Zhao’s statement, the loss will not impact users as the exchange will be using its Secure Asset Fund for Users (SAFU) to cover the loss. SAFU is a Binance fund which was launched to protect users of the exchange ‘in extreme cases’ and is funded by 10 percent of all trading fees charged by the exchange. Zhao also pledged to ‘maintain transparency’ throughout the security review and investigation and go ahead with a previously scheduled Ask Me Anything (AMA) on Twitter.
In response to the hack, founder of Tron, Justin Sun in a tweet pledged to deposit the equivalent of the stolen BTC as a show of support to Binance.
To support @binance , I will personally deposit 7000 BTC worth USDT (40 million USDT) into @binance to buy $BNB, $BTC , $TRX & $BTT if @cz_binance agrees. No need to #FUD! Funds are #SAFU!
— H.E. Justin Sun 孙宇晨 (@justinsuntron) May 8, 2019
Zhao has however declined the offer, saying the insurance fund was more than enough to cover the loss. He also offered his thanks to other crypto exchanges including Coinbase who pledged to block deposits coming from the hacker’s addresses.
According to @Coinfirm_io analysis the @Binance hacker has recently moved over 1214 #BTC (~$7.16M) to new addresses
But almost 5786 BTC (~$34.14M) still sit on the #Binance hackers original addresses
More exclusive insights coming!https://t.co/CdRIXAT8dC pic.twitter.com/YUVrHeVOhn— Coinfirm (@Coinfirm_io) May 8, 2019