Binance loses over $40M worth of BTC in a hack

Hackers have caused Binance losses of up to $41 million in Bitcoin

$40M in BTC stolen from Binance
Using malware and phishing techniques, hackers stole more than 7000 BTC from Binance

Binance, one of the biggest cryptocurrency exchanges, has released a report[1] saying that unidentified attackers stole 7000 BTC, worth up to $41M at the time of writing, from its network. The loss was later revised upward to 7,074 BTC,[2] worth around 2% of the total Binance network. The CEO, Changpeng Zhao,[3] has reported that a data breach was discovered on the 7th of May. The company claims that this is the first time it has experienced such a big loss.

Binance has also announced that the hackers transferred the money to a single wallet and that it has already identified the transaction. While the company has assured users that all other Bitcoin wallets are safe and will remain so in the future, it has added that there might be more affected accounts that haven't been discovered yet.

Malware and phishing techniques used to carry out the attack

It seems that the cybercriminals used a mixture of different techniques, including malware and phishing, to access various kinds of important information, such as:

  • two-factor authentication details (2FA)
  • API keys
  • unidentified sensitive data.[4]

Furthermore, the research found that the bad actors took steps to bypass the company's security systems and software:

The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.
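The statement above describes a withdrawal built from several seemingly independent accounts that passed the existing checks, with the funds ending up in a single wallet. The following Python is an added example, not Binance's code: the per-account limit, the time window and the thresholds are assumptions, and the withdrawal records are constructed. It shows a check keyed on the destination address flagging activity that a per-account check lets through.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample withdrawals: (time, account, destination address, BTC).
WITHDRAWALS = [
    ("2000-01-01T10:00", "acct-01", "addr-A", 40.0),
    ("2000-01-01T10:02", "acct-02", "addr-A", 45.0),
    ("2000-01-01T10:03", "acct-03", "addr-B", 5.0),
    ("2000-01-01T10:05", "acct-04", "addr-A", 48.0),
    ("2000-01-01T10:07", "acct-05", "addr-A", 30.0),
    ("2000-01-01T18:30", "acct-06", "addr-A", 10.0),
]

PER_ACCOUNT_LIMIT = 50.0        # assumed per-account check (BTC per withdrawal)
WINDOW = timedelta(minutes=30)  # assumed correlation window
MIN_ACCOUNTS = 3                # assumed: distinct accounts paying one address
AGGREGATE_LIMIT = 100.0         # assumed: combined BTC to one address in WINDOW

def per_account_violations(rows):
    """The per-account view: each withdrawal is judged on its own."""
    return [r for r in rows if r[3] > PER_ACCOUNT_LIMIT]

def converging_withdrawals(rows):
    """Flag addresses paid by several distinct accounts within WINDOW."""
    by_dest = defaultdict(list)
    for ts, acct, dest, amt in rows:
        by_dest[dest].append((datetime.fromisoformat(ts), acct, amt))
    alerts = []
    for dest, events in by_dest.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1  # slide the window forward
            window = events[start:end + 1]
            accounts = {acct for _, acct, _ in window}
            total = sum(amt for _, _, amt in window)
            if len(accounts) >= MIN_ACCOUNTS and total > AGGREGATE_LIMIT:
                alerts.append({"destination": dest,
                               "accounts": sorted(accounts), "total_btc": total})
                break  # one alert per destination is enough
    return alerts

if __name__ == "__main__":
    print("per-account violations:", per_account_violations(WITHDRAWALS))
    print("converging withdrawals:", converging_withdrawals(WITHDRAWALS))
```

The alert fires on the third withdrawal to the shared address, so a hold placed at that point would apply before the remaining withdrawals in the window are processed.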

Binance is planning to perform a full system and data check in one week

Binance asked users to be patient until the security check is finished. Within the one-week period, computer specialists should finish checking various system directories and ensure full network protection. Until then, customers' deposits and withdrawals will remain suspended. The company has promised to post regular updates on its progress.[5]

Users are strongly advised to reset their 2FA, and traders who use the API should change their keys immediately. Users should also stay cautious, as there is a slight possibility that the hackers still have control of some accounts and might manipulate market prices. Fortunately, according to technology specialists, this risk is very low, as withdrawals have already been deactivated.

The most important question after such a hack, however, is whether the affected users will be refunded. The answer is yes: the organization has an internal insurance mechanism, known as the Secure Asset Fund for Users (SAFU),[6] that will refund all users who have experienced losses.

Additionally, Binance says that users who have relevant questions about this incident can contact the company and ask them in the previously scheduled Twitter AMA.[7]

About the author
Ugnius Kiguolis
Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
