It is one of the most important crypto marketplaces worldwide. Now the Binance Exchange has to admit the loss of 7000 Bitcoins. Users’ credit balances should be secure – but the hack still has consequences for them.
“I look exhausted” and “I haven’t really slept the last 29 hours”: A current Twitter video by Changpeng Zhao begins with these sentences. He is the head of the popular crypto exchange Binance and does in the article what you never really want to do as the head of a crypto exchange: admit a bigger security gap. Say that their own platform was tricked by hackers who acted “very patiently” and were thus able to take over many user accounts, among other things.
Binance also announced in a press release on Wednesday night that it had discovered a major security problem on Tuesday. Among other things, hackers could have picked up codes used to secure accounts during two-factor authentication – as well as API keys that can be used to connect Binance to third-party programs such as crypto apps. “The hackers used a variety of techniques,” writes Binance, “including phishing and virus attacks, but also other attacks.
It is said that 7000 Bitcoins – which at that time had a value of a good 40 million dollars – had been transferred from a so-called Hot Wallet of the company (to be understood here via Blockchain.com). Hot wallets are usually crypto wallets that are connected to the Internet – in contrast to so-called cold wallets. The Hot Wallet contained around two percent of the Bitcoin credit balance of the exchange, the transfer of the 7000 Bitcoins could not be stopped in time – which is a problem as confirmed Bitcoin transactions cannot be reversed.
More on BTC
Binance is one of the world’s most popular crypto exchanges. The company was founded in China, but is now based in Malta, among other places. Like other crypto exchanges, Binance enables users to easily trade crypto currencies such as Bitcoin, Ether and Ripple. Real-money deposits by credit card are also possible. However, the crypto credit balance that users have in their accounts is practically always available on the stock exchange – unlike when users manage their crypto currencies themselves and under their own responsibility.
“Injured”, not broke
Binance emphasizes that the stock market balances of Binance users are not affected by the incident. A fund set up for emergencies called Secure Asset Fund for Users (SAFU) will be used to cover the loss. According to the platform, ten percent of all transaction fees received by Binance have flowed into the fund since July 2018. According to Binance, the fund’s money is in a cold wallet. One is “injured”, but not broke, Changpeng Zhao wrote on Twitter.
As Changpeng Zhao also says in his video, the hackers succeeded in tricking the stock exchange into carrying out security checks. Binance now wants to carry out a security check on its system. It is expected that neither withdrawals nor deposits will be possible on the platform for a week. A press release says: “Please understand that hackers may still be controlling some user accounts in the meantime and using them to influence prices”.
- In his Twitter video, Changpeng Zhao advises users of his exchange to rebuild their two-factor authentication and API key.
- In principle, a password change would also make sense – possibly on other websites, too, if they used the same password as Binance (which is not recommended).
As a rule, Binance users should be suspicious and cautious these days – as they are elsewhere – if they are contacted by alleged Binance support staff, for example in forums or chat groups. These are fraudsters. In view of the news of the hack in particular, criminals could have a good chance of persuading unsettled users to provide them with account access data, for example.