Hackers have hacked Binance, the largest cryptocurrency exchange in the world, and made away with over 7,000 bitcoin worth $41 million in a single transaction.
On Wednesday, Binance chief executive officer Zhao Changpeng revealed in a post available on the company’s website that the hackers employed a variety of techniques such as viruses, phishing, and other attacks to withdraw the coins.
“We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info.
The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” Changpeng said.
The hackers chose to empty Binance’s hot wallet, which contained 2% of the exchange’s total holdings, instead of its main bitcoin vault. Cryptocurrency exchanges use hot wallets for customer transactions. Hot wallets are connected to the Internet and hence are susceptible to the threats that hackers pose, which is why they are called ‘hot’.
Binance said hackers managed to obtain some important user information including two-factor authentication as well as other information needed to access accounts on the website.
However, the attackers were not able to breach Binance’s cold wallets. Cryptocurrency exchanges prefer to store most of their customers’ digital currencies in cold wallets because there is zero chance of anyone hacking them.
In its official statement on Wednesday, Binance revealed that the hackers structured the transaction in a way that passed the website’s existing security checks. “It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” Binance said.
In the meantime, Binance has halted all withdrawals and deposits though trading will continue. In addition, the company said that no users’ funds will be affected and promised to cover the incident in full.
The exchange has also cautioned users that attackers “may still control certain user accounts and may use those to influence prices.” Bitcoin price has climbed nearly 9% in the last one week.