Leading cryptocurrency exchange Binance has reportedly suffered “a large scale security breach” that affected the exchange’s hot wallet and saw the exchange lose more than 7,000 BTC (worth about $40 million) in one transaction.
According to a statement released by Binance, the hack was discovered on the evening of Tuesday, May 7th; the hackers were able to get access to a “large number of user API keys, 2FA codes, and potentially other info.” As has become the norm when reporting a security breach, Binance, through its co-founder and CEO Changpeng Zhao (CZ), first reported on Twitter that it was undertaking “some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.” It later reported the amount stolen and the extent of the attack.
According to the Binance report, the hackers may have used a range of techniques to access the user API keys and 2FA codes, including phishing attacks and computer viruses. They managed to access funds held in hot wallets, which according to Binance represent about 2% of the total funds held by the exchange. The hackers were unable to access the funds held in cold storage: “All of our other wallets are secure and unharmed.”
For the affected accounts, Binance has already announced that it will use its emergency fund, the Secure Asset Fund for Users (SAFU fund), to compensate for any losses. This fund consists of at least 10% of all trading fees absorbed by the exchange and was created to protect the exchange’s users “in extreme cases,” such as hacks. The SAFU funds are held in cold storage of their own.
The security update statement says in part:
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
In an early Wednesday morning AMA held to answer the community’s questions, CZ revealed that his team was considering a reversion of the Bitcoin network to invalidate the transaction. However, this would require network-wide consensus from the miners, and especially from the community at large.
Such a decision could cause a rupture within the community similar to what happened to Ethereum in 2016. A security incident during the launch of the DAO, in which several ether coins were lost, left the community split between those who supported a rollback and those who opposed it. This decision led to the split of the Ethereum network into the Ethereum and Ethereum Classic networks.
“To be honest, we can actually do this probably within the next a few days,” said CZ in the AMA but added his reservations about the process. He said that “there’re concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin.”
However, after talking to the parties that would be involved in such a reversal, CZ announced that it will not take place, as this tweet shows:
To put this to bed, it’s not possible, bitcoin ledger is the most immutable ledger on the planet. Done. https://t.co/rKLBCEZmgp
— CZ Binance (@cz_binance) May 8, 2019
Justin Sun, a good friend of Changpeng Zhao, also wanted to lend his help on this occasion, offering to make a deposit of 7,000 BTC, almost the entire amount stolen. CZ was grateful for the gesture but responded that it is not necessary, as Binance will use the SAFU fund to cover these incidents.
Applauding Binance’s incident response procedures, Dave Jevans, CEO of blockchain analytics firm CipherTrace, said:
“Binance responded quickly to the hack and was very transparent about the ordeal. It is a shining example in the industry of rapid response, full transparency and a solid financial model for reimbursing customers from hacks.”