The hack of another
“We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.” reads a data breach notification published by Binance.
“The hackers were able to withdraw 7000 BTC in this one transaction: https://www.blockchain.com/btc/tx/e8b406091959700dbffcff30a60b190133721e5c39e89bb5fe23c5a554ab05ea“
The hack was discovered on May 7, when
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” Zhao added. “It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
Binance is investigating the incident and is conducting a thorough security review of its systems. The process will take about one week during which the company will provide updates frequently and as temporary measure deposits and withdrawals will be suspended.
“We will continue to enable trading, so that you may adjust your positions if you wish. Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime.” concluded Zhao. “We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets,”
According to Zhao, other exchanges, including CoinBase, will block deposits from the bitcoin addresses used by the hackers in the attack.
Binance is only the last cryptocurrency exchange in order of time to suffer a security breach. Hackers managed to steal a total of hundreds of millions of dollars from several platforms, including Bithumb, Bitfinex, Coinrail, Coincheck, and Zaif.