Hackers Withdrew 7K BTC From Binance’s Hot Wallet
We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.
The hackers were able to withdraw 7000 BTC in this one transaction: https://www.blockchain.com/btc/tx/e8b406091959700dbffcff30a60b190133721e5c39e89bb5fe23c5a554ab05ea
The above transaction is the only affected transaction. It impacted our BTC hot wallet only(which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed.
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.
Binance will use the #SAFU fund to cover this incident in full. No user funds will be affected.
We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress.
Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time. We beg for your understanding in this difficult situation.
We will continue to enable trading, so that you may adjust your positions if you wish. Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.
In this difficult time, we strive to maintain transparency and would be appreciative of your support.
Hackers Withdrew 7K BTC From Binance’s Hot Wallet – Source: https://binance.zendesk.com
After speaking with various parties, Binance decided not to pursue the bitcoin network reorganization approach.
CZ promises to learn this expensive lesson.
“To put this to bed, it’s not possible, bitcoin ledger is the most immutable ledger on the planet. Done,” added CZ.
— CZ Binance (@cz_binance) May 8, 2019
To put this to bed, it's not possible, bitcoin ledger is the most immutable ledger on the planet. Done. https://t.co/rKLBCEZmgp
— CZ Binance (@cz_binance) May 8, 2019
– CZ hasn’t slept much in the last 29 hours.
– Hackers were able to obtain a large number of user API keys, 2FA codes. The hackers had the patience to wait until they had very high-net-worth accounts.
– A number of exchanges, projects and people, including Justin Sun, Coinbase, QuarkChain, have pledged very strong support.
– Binance does not need funding help.
– Binance has been working with other exchanges to block deposits from the hackers’ addresses.
– Deposits and withdrawals on Binance are disabled for about one week.
– Currently, the focus is on helping projects migrate to the Binance chain, and make it popular.
– To be listed on Binance, projects need to submit a listing application form.
– The next Launchpad project will be announced in May. BNB holding period will be reduced. Probably, users need to hold 50 BNB to participate in the lottery.
– Binance stable coin can likely be offered. But plans change very quickly.
– The team is working on margin trading.
#Binance margin trading confirmed, security breach update, Launchpad timeline & possible future stablecoin.
— Binance (@binance) May 8, 2019