Finder makes money from featured partners, but editorial opinions are our own.

Debunked: Binance may have accidentally burnt $40 million in SegWit migration


Picture not described: blockchain-large4.jpg Image: Getty

Initial theories suggested the Binance hack was self-inflicted, but followup events say otherwise.

As the cryptoverse starts diving more deeply into the news of the alleged $40 million Binance hack, a number of strange details are emerging and compelling signs say this was not actually a robbery, but rather a $40 million screw up.

Findings come courtesy of CryptoMedication on Twitter.

A failed migration

The vast majority of the supposedly stolen funds were moved to Bech32 addresses.

SegWit Bitcoin wallets are characterised by Bech32 addresses. SegWit is basically just an upgraded flavour of Bitcoin infrastructure that's better and more user friendly, while Bech32 addresses are the type of Bitcoin wallet that goes with SegWit.

You can immediately recognise Bech32 addresses because they start with the prefix "bc1". So whenever you see funds going into a Bitcoin address beginning with "bc1" you know someone's using SegWit.

Cryptocurrency exchanges want to upgrade to SegWit because it's all-around better, and because users will commonly request it for their own convenience, as well as the good of Bitcoin on the whole. SegWit is more efficient, so more people using it rather than the older versions can help lower Bitcoin transaction fees.

But in order to upgrade, exchanges have to migrate all their Bitcoin from the old addresses to new Bech32 addresses. To do this, exchanges literally have to send money from their own wallets to the new wallets. They're often moving hundreds of millions of dollars, so it's a pretty tense process and is usually done unannounced to avoid inviting trouble.

Coinbase made the migration in December 2018, triggering a mild panic in the process, but Binance was one of the last major exchanges yet to make the SegWit migration.

In fact, in a Q&A session following the news of the "hack", Binance CEO Changpeng "CZ" Zhao responded to someone who asked when SegWit would be arriving, by saying that Binance was still working on it. So if this $40 million loss really was the result of an accident during SegWit migration, CZ may have died a little inside upon fielding that question.

Why the funds are unspendable

Every Bitcoin transaction carries information about the wallets it's going to and from, the reasons you know it's a valid transaction and so on. Without the right information, the Bitcoin can't be spent.

One of the improvements of SegWit is that it rearranges this information and packs it more efficiently. Bech32 addresses are designed to read that information in the new and more efficient way that SegWit arranges it. But if it's not packed correctly, they can't read it.

So when you're sending Bitcoin to a Bech32 address, you need to make sure you're sending it from a type of address that knows how to pack the information correctly. Otherwise it arrives in the Bech32 address without the information needed to be transferred again.

That's what happened here. About 7,000 Bitcoin worth $40 million are now stuck.

It's like the Binance Bitcoin went on vacation but forgot their passport, and now they're stuck in an airport for eternity because border control won't let them out without a passport.

How do we know it wasn't the thief who messed up?

But which is more likely? That a Binance technician makes this kind of mistake when carefully transferring $40 million, or that some dopamine-crazed hacker makes a fatal error while trying to escape with the loot?

Perhaps the latter, but in this case there's evidence that it was the former.

While this isn't conclusive proof that someone at Binance made a mistake, it's a strong sign that it was an unintentional inside job.

This is because when you send money to your Binance account, you're sending it to your own personal Binance address. Once it's in there, Binance's systems automatically sweep it into the same big wallet, but keep track of who it belongs to.

But what happened here is that some of the funds which were supposedly stolen were sent directly back to that big wallet address. Presumably the only people who would ever do this are Binance employees who want to put funds directly in the wallet. Plus there's certainly no reason for a thief to do this.

On the whole, the evidence is pretty compelling. It's not 100% guaranteed and there may be other things to consider, but it's definitely compelling.

It's not clear why Binance would claim it was theft, which is an even worse look than admitting it was just a straight up mistake, but hey, grief makes people do strange things.

On the bright side of things, 7,000 Bitcoin just got burnt. Theoretically that means the rest just got a little bit more valuable.

Disclosure: The author holds BTC, BNB, ATOM at the time of writing.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Get started with crypto

Ask an Expert

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and 6. Finder Group Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site