Binance, global cryptocurrency Exchange Company provides a platform for trading more than 100 cryptocurrencies, has released a report according to which attackers stole 7000BTC from their network. At the time of writing, this values worth up to $41M. Later on, it increased by 2% of the total Binance network and thus the total sum 7,074 BTC loss overall to company due to the attack.
The CEO of the company, Changpeng Zhao, has reported that the data breach was discovered on 7th of this month. He added, the first time the company is experiencing such a big loss. The company manages to identity the transaction. According to it, the hackers transformed the money to a single wallet. It has ensured that the all other Bitoin are safe and will be in the future as well. But the bad news is that, as the company has added, there might be more infected accounts that have not discovered yet.
The reason of the attack
It appears that the attack was happened through mixture of different techniques, that include the malware and phishing techniques that allow collecting the important information such as API keys, two factor authentication details, and unidentified sensitive data.
Researchers also found that the attackers might launch some action to target the company security system and software:
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
Binance requests the patience to have waited until security check is finished, which is scheduled with a week. Till then, the customers’ deposit and withdrawals will remain suspended. Here, some advise that the different customers should follow for the safety:
- Reset your 2FAs
- Traders should change the API keys
- Hackers are guessed to be in the market place, thus recommendation is clear to be careful
Affected users will be refunded
Secure Asset Fund for Users (SAFU) will refund all the users who experience the loss. This is an internal insurance mechanism of the company.