$40 million worth of Bitcoin stolen from Binance cryptocurrency exchange

Binance, one of the world’s biggest cryptocurrency exchanges by trading volume, says that it has suffered a security breach that saw hackers steal more than $40 million worth of Bitcoin.

A statement issued by the company says that it discovered the “large scale security breach” yesterday, and has determined that hackers were able to steal a large number of user API keys, 2FA codes, and potentially other information.

In one single transaction the hackers were able to withdraw 7000 Bitcoins (worth, at current exchange rates, approximately US $40.6 million) from Binance’s hot wallet – approximately 2% of the company’s total Bitcoin holdings.

In the statement the cryptocurrency exchange reassures customers that all of its other wallets “are secure and unharmed”, and that its Secure Asset Fund for Users (SAFU), stored in a separate cold wallet for just such emergencies, will cover any losses.

Binance says it is now investigating the security breach, and will review the defences it has in place to see what can be improved.

According to the company’s statement, the hackers used a “variety of techniques, including phishing, viruses and other attacks”.

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”

The implication appears to be that the hackers could have stolen much more money had the exchange’s alarm bells not sounded.

While its investigation continues, Binance has suspended all deposits and withdrawals – although trading remains open.

Cryptocurrency forensics firm CipherTrust reported earlier this year that a staggering US $950 million worth of cryptocurrency was stolen by hackers from exchanges during 2018 – 3.6 times more than in the previous year.

Binance is no stranger to being the target of hacker attacks. Last year it offered a $250,000 reward for information that led to the arrest of hackers who attacked its platform.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • One name: "The Data Jackal". (Think Bruce Willis)

    These companies and bitcoin exchanges always say "We will work with Law Enforcement" whenever these crimes are committed. But 950 million dollars stolen in one year?

    If it keeps up, these entities are going to reach a point where an Underground/BlackOps culture will develop that will have some digital CEO deciding that it's time to send a message and make hackers think twice about what they are doing by offering lucrative contracts for their assassination.

    "I will give you 5 million dollars if you find this person and kill him."

    Illegal? Sure. But in the face of almost a billion dollars in losses, someone is eventually going to give hackers a reason to re-think it.