— Binance (@binance) May 7, 2019
According to a recent update by Binance CEO Changpeng “CZ” Zhao, on May 7 at 17:15:24 (UTC), hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info, in addition to the bitcoin which was moved in a single transaction, somehow bypassing the 100 BTC withdrawal limit.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” explained CZ. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
CZ notes that the compromised Bitcoin hot wallet contained only about 2% of the exchanges total BTC holdings, as the majority of funds are in cold storage.
Moving forward, Binance notes that it will be conducting a thorough security review that will take roughly one week. During this time, deposits and withdrawals will remain suspended, but trading will continue.
News of the hack has had a fairly muted impact on the crypto market, which is currently down roughly 2.6%. Meanwhile, bitcoin is only down 0.8% to $5,860, suggesting the crypto community has faith that user funds are “SAFU.”
Binance was last compromised in July 2018, which led the exchange to set up the Secure Asset Fund for Users.
Disclaimer: This article’s author has cryptocurrency holdings that can be tracked here. This article is for informational purposes only and should not be taken as investment advice. Always conduct your own due diligence before making investments.