Binance, one of the world’s most prominent cryptocurrency exchanges, has been hacked. Media reports announced that hackers have stolen $40 million from the exchange.
The stolen amount is equal to 7,000 Bitcoins. Not only did the hackers steal the staggering amount of the “people’s currency”, but they also stole API tokens and two-factor authentication codes.
According to the company’s statement: “The hackers used a variety of techniques, including phishing, viruses and other attacks. The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.”
The hack was targeted at several high net worth “accounts”, whose Bitcoins were stored in hot wallets, rather than cold ones. The difference is: hot wallets are actually connected to the Internet and can become the target of hackers.
The breach happened on May 7th, 2019, when hackers stole the 7,000 bitcoins from one hot wallet and moved the coins around in smaller wallets, a move that took only a single transaction.
Binance is one of a handful of crypto exchanges that have invested heavily in infrastructure and security protocols and adhered to high standards of operation, which would easily pass muster, if and when regulators would ever perform a compliance audit. It is, without a doubt, one of the industry’s best exchanges, and if it can be brought down in such a fashion, then what does that mean for the rest of the 250 or so exchanges scattered about the globe?
This breach was actually the first for Binance, which disclosed that the cyber-crooks had targeted the company’s “Hot Wallet”, which contained 7,000 Bitcoins. The crooks also must have been extremely patient, waiting for the best possible moment to abscond with the funds.
As a testament to how well this organization is managed, CZ and his team had contemplated the possibility of a potential breach in the future and implemented a special internal quasi-insurance fund to provide for such a contingency. The Secure Asset Fund for Users (SAFU) has been funded over the years by 10% of every trading fee collected. As a result, the loss has already been covered, but, hopefully, an investigation will lead to further recoveries down the road.
Per another part of the company’s statement:
Binance will use the #SAFU fund to cover this incident in full. No user funds will be affected. We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress.
Nevertheless, Zhao warned his clients to be ever vigilant going forward:
Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.
Binance is also unique in the fact that it does not deal in fiat currencies. Its business model has been to deal only in “crypto-to-crypto” trades, and, as such, it offers a multitude of crypto combinations on its platform. Perhaps for this reason alone, lesser tokens than Bitcoin did not react well to the news, falling anywhere from 4% to 10%. BTC, on the other hand, in today’s trading ramped up another 3.5% to $5,900.
But it was a sad day for Binance, CZ, and the crypto industry. Hot Wallets, no matter how thick the firewall or protections taken, are, by definition, connected to the Internet and thereby vulnerable to compromise by today’s modern cyber-criminal. Binance will survive, and CZ will make the necessary improvements, but as one of his friends in the industry quipped: “You are no longer a virgin.”
While the news is certainly grim for the affected parties, the good news is that the stolen amount of bitcoins represents only around 2% of all bitcoin holdings that Binance has. In addition, as reported by the press, the lost amount will be covered by Binance’s Secure Asset Fund for Users.
Off the back of the news, here is some commentary from industry experts:
Tara Annison, Technical Product Manager of the PR9 Network, commented:
Binance is arguably one of the biggest honey pots for hackers, having an abundance of alt coins which are easier to liquidate, plenty of trading volume, and lots of retail users who could fall foul of social engineering attempts. This particular hack shows that attackers are using ever more sophisticated methods across a wider range of attack vectors, thus reinforcing the importance of firms keeping up with these new methods and ensuring their security approaches are proactive rather than reactive.
Traders have continued to put their trust in exchanges, primarily due to convenience and need, but also because decentralised alternatives are not yet a mature proposition. However, as this recent hack has shown, even well established and reputable exchanges like Binance can be susceptible to an attack. It is worth noting that Binance only keep a reported 2% of funds in hot storage (vs their cold storage holdings) and do appear to have a number of attack mitigations in place – so this attack could have been far worse had they not had this in place.
Hopefully this will encourage exchanges to be extra vigilant and keep improving their security methods. For crypto-holders it should be yet another reminder to ensure long term holdings are in secure cold storage and trading funds are kept across a number of venues to reduce the impact of an exchange hack.
Ozan Salih, Co-founder and Chief Operating Officer of Vo1t, said:
Exchanges play a key role in the crypto ecosystem and, for many, it is the most convenient way to buy and sell assets. However, people are often unaware of the risks associated with security breaches and what this might mean to them. Despite all the media coverage and reported cases, it is still very easy to assume it will never happen to an individual, and people will continue to use exchanges based on their risk appetite and their perception of a trusted service provider, sometimes buying into the false notion of ‘too big to fail’.
This incident will undoubtedly have a negative impact on the reputation of the industry and there needs to be reassurances, especially from major players in the space, to address genuine concerns over security and ongoing threats posed by hackers.
Jay Zhou, CMO of Loopring, the open-source protocol for building decentralized exchanges, added:
Security vulnerabilities exist even in the world’s largest centralized system. This is not just a technical matter, it can also be heightened by internal control and governance flaws. If you deal with large assets, you will be a bigger target for hackers, and by default will be exposed to increased security costs.
Hackers target the world’s largest exchanges and now it’s Binance’s turn as they expose their vulnerabilities to the world. Never mind making Binance Chain and Binance’s DEX open source, it is time for centralized exchanges to integrate on-chain settlement with off-chain order management, so that these risks can be fundamentally resolved.