Binance Reveals Hack Information as Security Becomes a Public Concern
This article was originally published by 8btc and written by Vincent He.
Since May 1, 2019, bitcoin’s price has been rising, reaching a top of over $6,000. As the whole cryptocurrency industry was enjoying the rise, an unexpected hack put a stop to the rise of bitcoin. The major exchange Binance was hacked for $40 million.
Binance has issued an announcement revealing more information about the attack. The announcement said that a large-scale security bug was found in the exchange and that the hacker stole 7,000 bitcoins from the wallet at a height of 575,012 blocks.
According to the announcement, the hacker mainly used complex technology, including fishing techniques and the implementation of viruses. The hacker obtained a large number of registered users’ API keys, Google authentication 2FA codes and other related information to carry out withdrawal operations.
Now, the 7,000 bitcoins have been transferred to 40 different wallets and these addresses have been monitored. After that, Zhao Changpeng, the CEO of Binance, said in a Twitter ask me anything that large-scale security bugs had been discovered by Binance as early as May 7 and that these bugs were also found by the hackers. This hacker must have been very patient, Changpeng said, as they had to wait until large transactions were conducted in the system before they could steal any bitcoin.
Following the incident, the price of Binance’s native token BNB fell by 10 percent in one hour. Prices have now recovered to around $20.80. At the same time, bitcoin had short-term fall from a height of $5,980 to $5,800.
According to Binance, the attack only affected about 2 percent of the bitcoin on its exchange; so, it can be estimated that the exchange owns 350,000 bitcoins, worth about $1.75 billion (12 billion yuan). Repeated statements have been made by Binance and Changpeng that the attack will not cause losses for users and investigations have been launched.
As the auditor Beosin has found, the hack was not caused by the direct transfer of the private keys of the hot wallet but by the process of withdrawing money. The single withdrawal reached 7,000 bitcoins, but the risk control system did not issue a warning.
Daniel Wang Dong, the founder of Loopring Agreement, wrote in WeChat about the attack to Michael Novogratz, a former co-partner and founder of Galaxy Digital, expressed his concern about the hack incident. Dong pointed out that, although Binance is the largest exchange in the world, 2 percent of the stolen amount will also leave a great impact, which is an inevitable result and will certainly lead to more monitoring by regulators.
With the expansion of the cryptocurrency market, hacker’s technology is also evolving and the means of attack are becoming more and more complex. Obviously, this attack was well prepared. For exchanges, it is necessary to maintain ongoing efforts to upgrade technology around anti-attack defenses.