Hackers managed to steal 41 million dollars’ worth of bitcoin from cryptocurrency exchange Binance. Over 7000 BTC was stolen after the hackers gained access to user API keys, 2-factor authentication codes and ‘potentially other information’. Even though this is not the biggest hack of the year in terms of stolen value, it is a hack on the biggest exchange on the market.
The hack was discovered on Tuesday May 7th, just moments after hackers managed to steal millions’ worth of bitcoin. The money came from Binance’s hot wallet, which is a wallet that’s actively being used. It contains approximately 2 percent of Binance’s wealth.
Earlier on Tuesday Changpeng Zhao tweeted that the exchange was doing ‘some unscheduled server maintenance’ and that ‘funds are #safu’. Safu is an inside joke, and it means ‘safe’. However, funds were not safe and the exchange lost millions. Binance declared it would fully reimburse all users that lost money because of the hack.
The hackers were able to bypass the exchange’s existing internal security checks. The withdrawal did trigger internal alarms, but only after it was executed, and at that moment it was already too late. Withdrawals and deposits have been frozen and will remain frozen for the time being. The hackers might still control certain user accounts.
The fact that the hack happened on Binance’s regular exchange is shocking to some extent. But it does underline the need for better security, both from the business side and the user side of things. Decentralized exchanges are key in this, as users don’t deposit money on the exchange but control private keys and codes themselves. This minimizes the risk of a large-scale hack like the one that has now happened to Binance, and happened to Cryptopia earlier this year.
Also published on Medium.