Cryptocurrency exchange Binance has disclosed that hackers stole 7,000 Bitcoin, amounting to $40 million. The company said hackers employed several different methods, including viruses and phishing.
“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info,” Binance said in a statement, in which it described the incident as a “large scale security breach.”
The coins stolen were in Binance’s “hot wallet,” which, fortunately, contained just 2 percent of its total Bitcoin holdings.
“All of our other wallets are secure and unharmed,” the company said.
Customer funds won’t be affected
Binance added that the hackers “had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.”
The company said the one-time transaction was “structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system.”
In the wake of the breach, Binance immediately suspended withdrawals and deposits for its customers. Withdrawals and deposits will remain suspended until after the company’s security review is complete.
The company’s CEO Changpeng Zhao estimates that the investigation will take up to one week. In the meantime, trading will remain open.
“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime,” Zhao noted. “We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”
The firm says customers won’t personally be impacted by the incident since it will use its emergency insurance fund.
“Binance will use the #SAFU [Secure Asset Fund for Users] fund to cover this incident in full. No user funds will be affected,” the company said.