The thieves bided their time before running off with more than 7,000 Bitcoin ‘in one fell swoop’.
Binance, one of the world’s largest cryptocurrency exchanges, has revealed that it’s fallen victim to a major security breach in which hackers made off with some US$41 million worth of Bitcoin.
Several methods, including phishing attacks and malware deployment, were leveraged for the robbery, which was discovered on Tuesday. According to a notice by Changpeng Zhao, the founder and CEO of the exchange, the ne’er-do-wells got ahold of a large number of user API keys and two-factor authentication codes before capping their campaign with the theft of 7,074 Bitcoin from the company’s Bitcoin hot wallet via a single transaction.
“The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” said Zhao.
He noted that still more user accounts may have been accessed by hackers, as there may be “additional affected accounts that have not been identified yet”.
“It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” he added.
The hot wallet, which is connected to the internet and used to carry out transactions, stored roughly two percent of the company’s Bitcoin holdings. All other wallets are “secure and unharmed”, said Zhao.
All deposits and withdrawals are still suspended, and will remain so until a thorough security review of the exchange’s systems and data is completed. The review is expected to take a week.
Binance has pledged to cover user losses from the Secure Asset Fund for Users (SAFU), which is its emergency insurance fund.
Cryptocurrency exchanges have long been among the favorite targets for digital thieves. Bithumb, another major cryptocurrency platform, lost nearly US$20 million just weeks ago in what was said to be the work of rogue insiders.
written by Tomas Foltyn, ESET We Live Security