According to Binance, hackers were able to obtain a large number of user API keys, 2-factor authentication codes and potentially some other information as well.
The hackers used a variety of techniques including phishing, viruses and other forms of attack. This is not the first time that API keys have been exploited on Binance but the first time they didn’t get bitcoin out. As a result of this intrusion, the hackers were able to withdraw 7000 bitcoins which are worth $40 million.
The hack has only hit Binance’s bitcoin hot wallet which contained about 2% of their total BTC holdings and in the light of the hack makes you realize just why exchanges keep only a small percentage of holdings on hot wallets.
Binance has reported that all of their other wallets are secure and are unharmed. In the event that something with that statement changes over the coming days and more wallets are found to be compromised, we will update this story. However, at the moment it is being reported that only this wallet has been effected with other major wallets such as Ethereum being safe.
The 98% of bitcoins that were not hacked sits in cold wallets which of course has multi-signature withdrawals set up on them. So they should, of course, remain very safe at this time.
Some people are freaking out for some reason but to keep it real, there are of course some hardcore Binance haters out there who just want to see Binance burn.
Looking at the markets, it seems that the markets are not reacting very much at all. At the time of publication, bitcoin is still over the $5800 support level and only down by around 1% in the last 24 hours. However, the Binance Coin or BNB is down by more than 5% which is a genuine movement keeping in mind the hack.
Let’s start off with Mt.Gox hack which led the hackers to steal a million bitcoin. The second hack which actually brought Mt.Gox down, the hackers took 150,000 bitcoin. More recent examples are the 2016 Bitfinex hack which led to 120,000 bitcoin being stolen resulting in 36% bail-in from exchange users. However, the real action happened in 2018 when we saw more than $1.1 billion in cryptocurrency getting hacked on exchanges.
If you have or had your bitcoin on Binance, are you now out of pocket? No.
Binance will be using the SAFU fund to cover this incident in full. Therefore, no user funds will be affected by this $40 million hack which of course is a pretty awesome move by the exchange and far cry from Bitfinex and their 2016 bail-in where users had to put up their own funds in order to cover the corporate losses.
The SAFU fund was established last year and took a small part of trading fees (10%) and put them in a safe wallet as an insurance fund if something like this happened. The move is truly paying off dividends for the exchange.
So far, the hack has been handled by the exchange quite transparently. There is an open dialogue happening with the community which is definitely a very good thing. Only hours after this happened, Binance took to social media saying basically what had happened and trying to communicate with customers.
Binance will be conducting a security review which will include all parts of their systems and data which for such a large exchange is surely going to take a while. So deposits and withdrawals will be disabled for up to a week. However, the trading will remain active on the exchange.
Justin Sun, the founder of TRON personally posted on twitter he wants to help and support Binance by depositing 7000 BTC worth of USDT on binance which will be worth the same amount of hacked funds and buy BNB, BTC, TRX, and BTT if Changpeng Zhao (the founder of Binance) agrees. However, Changpeng Zhao responded by saying that the exchange is hurt but not broke and they are going to cover the losses through their $SAFU fund.
Centralized exchanges will always stay vulnerable. Even the best practices can be overcome. The full-time job of hackers is to try and overwhelm the fences and if they succeed, they get millions of dollars. It is always recommended to keep only a small percentage of your total crypto portfolio on centralized exchanges for trading and keep the rest in your hardware wallets.