One of the world’s largest cryptocurrency exchanges has fallen victim to a large scale heist.
Hackers have stolen $41m worth of Bitcoin and other cryptocurrencies forcing Binance to suspend withdrawals on the platform.
Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. Furthermore, the hackers used a variety of techniques, including phishing, viruses and other attacks to breach the hot wallet.
However, Binance stated that the team is still considering other methods used. It’s quite possible that there may be accounts breached that have not yet been identified.
In one single transaction, the hackers were able to withdraw 7000BTC. The hot wallet held around 2% of Binance’s holdings.
Hackers are continually using more sophisticated methods to attack lucrative exchanges. They only need to be lucky once, meaning exchanges like Binance should always be on guard with prevention technology.
However, the company noted that the hackers “had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.
“It was unfortunate that we were not able to block this withdrawal before it was executed.”
Binance was not able to block the withdrawals but immediately blocked all others once they realised what had happened. In addition, Binance stated that it will refund the stolen cash with the help of its emergency insurance fund.
Binance exchange heist: one of many plagued by hackers
Cybersecurity is an absolute necessity today for the entire financial industry. The Binance exchange heist is sadly one of many successful attacks over the past few years – one wonders why consumers are loading off millions in these exchanges without any decent insurance.
In its statement, Binance said: “We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support.”
Storage has always been a critical element of conserving assets. As money slips into the digital world, organisations need to find ways to digitally secure alternative assets such as crypto and ICOs, and if the past few months have taught us anything, it is that managing cryptocurrency is not an easy thing to do.
One of the biggest attacks in Japan was on cryptocurrency exchange Zaif in September 2018. Of the $60m stolen, around $19.6m belonged to the exchange and the rest was client money.
In addition, in December 2018, the cryptocurrency world was hit by another unexpected hurdle. Gerald Cotton, founder of crypto exchange QuadrigaCX, died suddenly in India. He was the only person who knew the password to the exchange’s cold-storage system, meaning it may never be able to repay close to $190m in client holdings.
It’s clearly time for investors to rethink where they are placing their assets. Until the instability of exchanges is brought under control there is serious cause for concern.