Hackers stole more than 7,000 bitcoin from crypto exchange Binance, the world’s largest by volume, the startup reported Tuesday.
Binance announced that a “large scale security breached” was discovered earlier on May 7, finding that malicious actors were able to access user API keys, tw0-factor authentication codes and “potentially other info,” the exchange’s CEO, Changpeng Zhou, said in a letter. As a result, they were able to withdraw roughly $41 million in bitcoin from the exchange.
The exchange may not yet have identified all impacted accounts, he said. The hack only appears to have impacted Binance’s hot wallet, which contains roughly 2 percent of the exchange’s total bitcoin holdings.
“All of our other wallets are secure and unharmed,” he said, adding:
“The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
The withdrawal triggered internal alarms after it was executed. CZ said the exchange froze withdrawals after. While deposits and withdrawals will remain suspended for the next week, trading will be re-enabled, though he cautioned that “the hackers may still control certain user accounts.”
Binance will conduct “a thorough security review” encompassing its systems and data during the next week.
The exchange will use its SAFU Fund to cover the loss, which won’t impact users.
CZ image courtesy Binance