Cryptocurrency exchange Binance has confirmed a “large scale” data breach, in which hackers stole more than $40 million in cryptocurrency
In a statement, the company said hackers stole API keys, two-factor codes and other information in the attack.
Binance traced the cryptocurrency theft — more than 7,000 bitcoins at the time of writing — to a single wallet after the hackers stole the contents of the company’s bitcoin hot wallet. Binance, the world’s largest cryptocurrency exchange by volume, said the theft impacted about 2 percent of its total bitcoin holdings.
“All of our other wallets are secure and unharmed,” said the statement.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said.
Binance said its secure asset fund for users (SAFU) will cover user losses.
Until the company’s investigation is complete, deposits and withdrawals will remain suspended but trading will remain open.
Binance chief executive Changpeng Zhao is set to hold a Twitter ask-me-anything session in the coming hours. TechCrunch will bring you more once we have it.
- Security lapse exposed a Chinese smart city surveillance system
- A leaky database of SMS text messages exposed password resets and two-factor codes
- Chipotle customers are saying their accounts have been hacked
- We found a massive spam operation — and sunk its server
- Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
- Stop saying, ‘We take your privacy and security seriously’
- Robocaller firm Stratics Networks exposed millions of call recordings
- Massive mortgage and loan data leak gets worse as original documents also exposed