Leading cryptocurrency exchange Binance announced May 7 the discovery of a “large scale security breach” leading to malicious actors being able to access user API keys, two-factor authentication codes and “potentially other info.”
According to a transaction published in the security notice, the unknown hackers were able to withdraw 7,074 BTC (over $41 million at the current exchange rate).
Not the best of days, but we will stay transparent. Thank you for your support! https://t.co/Y1CQOatEpi
— CZ Binance (@cz_binance) May 7, 2019
Binance’s statement says that the above transaction is the only affected transaction. It impacted the exchange’s BTC hot wallet only (which contained about 2% of Binance’s total BTC holdings). All other wallets are said to be secure and unharmed.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” reads the post.
The disclosure came just a few hours after Binance’s CEO Changpeng Zhao tweeted that the exchange was undertaking “some unscheduled server maintenance,” claiming that “funds are #safu.” After the hack announcement, Zhao added that the exchange would “provide a more detailed update shortly.”
The exchange will use its Secure Asset Fund for Users (SAFU fund) to cover the loss, which won’t impact users, according to the notice. The fund consists of 10 percent of all trading fees absorbed by the exchange, and was initially launched to protect Binance’s users “in extreme cases.” It is stored in the exchange’s own cold wallet.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support,” added Zhao.
Notably, during an Ask-Me-Anything live session on Wednesday, Changpeng Zhao said the team considered pushing for a rollback on the Bitcoin network, which would require pushing for consensus from major miners and mining pools to gather over 51 percent of the network’s total hashing power.
“To be honest, we can actually do this probably within the next a few days. But there’re concerns that if we do a rollback on the Bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for Bitcoin.”
He added that he has also seen a lot of people objecting to rollbacks since there are the “ethical and reputational considerations for the Bitcoin network.”
Shortly afterwards, however, Zhao stated that after speaking to various parties, it was decided not to pursue the re-org approach:
— CZ Binance (@cz_binance) May 8, 2019
He added that it is simply “not possible” since “Bitcoin ledger is the most immutable ledger on the planet.”