Changpeng Zhao, CEO of popular cryptocurrency exchange, Binance has confirmed that the platform witnessed a security breach for the first time with the hackers being able to withdraw 7000 BTC ($40 million) in one single transaction. The confirmation came after several leads within the crypto community rumored that such funds had left Binance’s hot wallets before the exchange announced a sudden “unscheduled server maintenance.”
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ Binance (@cz_binance) May 7, 2019
Details of Binance Security Breach
As per the update released by the exchange, the incident took place on May 7, 2019, at 17:15:24 (UTC). The hackers employed a variety of techniques such as phishing, viruses and other attacks to obtain “a large number of user API keys, 2FA codes, and potentially other info,” Binance said.
Moving further, the exchange said the hackers were patient enough to “wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” thus allowing them to bypass existing security checks.
However, the significant transaction triggered an alarm which prompted Binance to begin unscheduled maintenance and pause withdrawals for some hours.
Binance Security Breach — Exchange To Replace Stolen Funds
As a leading cryptocurrency exchange, one would expect Binance to have something stored up for the rainy day, and the platform has not failed in this regard.
Rather than have customers wait for several years to recover stolen funds, Binance said in its announcement that it would use part of its SAFU Fund to replace the losses which totalled $40.4 million according to press time prices. Binance’s SAFU Fund is a self-insurance policy that the exchange put in place for days such as this, allocating 10% of its daily trading fees to the fund.
Meanwhile, the Binance security breach has become the second major crypto exchange hack this year. The other involves New Zealand-based, Cryptopia which happened in January.