- Hackers stole users’ API keys, two-factor authentication codes, and other information.
- Hackers also withdrew 7,000 Bitcoin, worth nearly $41 million from Binance’s hot wallet.
Binance cryptocurrency exchange suffered a security breach on May 7, 2019, wherein hackers stole users’ API keys, two-factor authentication codes, and other information. Hackers also withdrew 7,000 Bitcoin, worth nearly $41 million from Binance’s hot wallet.
Hackers leveraged phishing attacks, malware attacks, and other attacks to gain access to Binance user accounts. The hackers then managed to withdraw 7000 Bitcoin in one transaction from Binance's hot wallet and transferred it to several smaller accounts.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” Binance said in a security breach update.
Upon withdrawal, various alarms were triggered at the cryptocurrency exchange system, however, it was too late to block the withdrawal before it was executed. Later, Binance immediately stopped all other withdrawals.
What are the preventive measures taken?
- Binance will be conducting a thorough security review, which will include all parts of its systems and data.
- The cryptocurrency exchange has suspended all its deposits and withdrawals.
“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets,” Binance concluded.