Binance hot wallet hacked, over 7,000 Bitcoin ($41 million) stolen
Deposits and withdrawals are expected to be on hold for about a week, compromised accounts may remain.
Binance has been hacked, and at least 7,000 BTC (~US$41 million) was stolen, the exchange announced.
The funds can be seen leaving the Binance hot wallet in this transaction.
How they got in
It's believed the hackers gradually accumulated user information, including "API keys, 2FA codes and potentially other info" through a range of methods including malware, phishing and so on, and then struck all at once.
Binance does not yet know whether it has identified all affected accounts.
The massive withdrawal only tripped the alarms after it happened, at which point Binance blocked deposits and withdrawals. The next step is a thorough security review, which it estimates will take about a week. Deposits and withdrawals will remain suspended for this time.
Trading continues on Binance, although the exchange cautions that the hackers may still have access to some accounts which they might use to try to manipulate markets. But the risk is low, it suggests, as long as withdrawals are suspended.
Funds are safu
The Binance cold wallets are not affected, and the loss will be fully covered by the Binance SAFU (Secure Asset Fund for Users) fund. Although there's not much to be done about the damage from resulting market movements.
It's worth noting that just over a year ago, Binance managed to fend off a very similar attack.
In it, hackers compromised user accounts with phishing attacks and other methods, and patiently sat on them just like they did this time, before simultaneously pumping and dumping Viacoin with those user accounts. But that time, the hackers actually lost money in their attack. This time they've come out on top.
The score is now 1-1. Here's CZ with the weather.
Maybe it's a coincidence, or maybe CZ was hinting that the bears were about to get another chance?
Disclosure: The author holds BTC, BNB, ATOM at the time of writing.