Binance suffered a large scale security breach late today, according to a statement. Hackers managed to obtain API keys, two-factor-authentication codes and other information. In addition, 7,000 Bitcoin ($40 million) were withdrawn in a single transaction.
The hackers used multiple techniques, including phishing attacks and computer viruses to get at Binance and its hot wallets, where it keeps funds to manage the day-to-day operation of the exchange. The hackers were unable to access the Binance cold storage—the off-line wallets where the majority of funds are kept. Likewise, individual user wallets were not directly affected.
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ Binance (@cz_binance) May 7, 2019
According to the statement: "The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time."
The company reported it that maintains an emergency fund for these eventualities, called Safu, which will be used to cover the stolen Bitcoin.
As has become usual in exchange hacks, the break in was announced via an "unscheduled server maintenance" tweet. That alarmed a number of Twitter users, who messaged CEO Changpeng Zhao, wondering if the exchange had been hacked.
Since the hack was revealed, the price of Binance Coin (BNB) fell eight percent to $19.88 but has since recovered to $21.
Responding to the security breach, CEO at blockchain analytics firm CipherTrace, Dave Jevans, said, "Binance responded quickly to the hack and was very transparent about the ordeal. It is a shining example in the industry of rapid response, full transparency and a solid financial model for reimbursing customers from hacks."
Jevans pointed out it was the second exchange hack using two-factor authentication this week, recommending a more stringent three-factor authentication. However this will be down to exchanges to implement.
Binance said it will undertake a security review to determine what went wrong and what can be fixed. While deposits and withdrawals will remain closed, trading will continue.
[Update May 7 22:16] Added statement regarding Binance Coin and quotations from CipherTrace CEO.