Binance faced a major security breach on Tuesday evening, as a consequence, Bitcoin worth $40 million were hacked.
Binance said the hackers were able to get crucial user information such as two-factor authentication codes, which allowed the hackers to run away with over 7,000 bitcoin. A variety of attacks like API keys, phishing and malware attacks were used to carry out this outrageous theft.
In a statement, Binance said the attack was very well-orchestrated. The hackers waited for the most precise moment to attack multiple accounts and direct all the bitcoin to a single wallet address.
Once the transaction was executed, it triggered alerts throughout the system which then froze all withdrawals. The transaction was structured to bypass the existing security checks. Furthermore, the wallet under attack was a hot wallet that holds almost 2% of the total Binance bitcoin holding.
Binance has suspended withdrawals from the platform for one week, however, trading continues as usual.
According to CEO Changpeng Zhao, the incident will not affect the funds of the Binance users as it will cover all losses. Binance has sufficient resources to recover from the loss of $40 million from its Secure Asset Fund for Users (SAFU Fund).
Security team’s advice for current Binance users
The aftermaths of the incident are under process and the exchange is focusing on rebuilding and recovering. CEO of Binance said in an AMA, the exchange had considered blockchain re-org but decided against it.
They recommend users to reset 2FAs and to change the keys for traders who have been using API.