Insight

One of the world’s largest crypto exchanges hacked for 7,000 Bitcoins

14/05/2019

Authors: Andrea Beatty, Chelsea Payne, Louisa Xu, Michael Bacina

Service: Banking & Finance | Blockchain
Sector: Financial Services

One of the world’s largest global cryptocurrency exchanges, Binance, revealed this month that hackers had withdrawn over 7,000 Bitcoin in one transaction.

On 7 May 2019, one of the world’s largest global cryptocurrency exchanges, Binance, revealed it had discovered a large scale security breach, with Hackers withdrawing over 7,000 Bitcoin (currently worth approximately AUD$70 million) in one transaction.[1]

It is reported that hackers used a variety of techniques including phishing and viruses to obtain a large number of user API Keys, two factor authentication codes and potentially other information in the attack.[2] Hackers used multiple seemingly independent accounts at the right time to pass existing security checks.[3] Binance was not able to withdraw the transaction before it was executed, but has since suspended all withdrawals until a security overhaul has taken place.[4]

The attack, consisting only of the one transaction, impacted only Binance’s BTC hot wallet, which contained about 2% of total Bitcoin holdings.[5] Binance stated that it will use its Secure Asset Fund for Users (SAFU), an emergency insurance fund, to cover the incident in full.[6]

This isn’t the first time a cryptocurrency exchange has been hacked, with a number of high profile exchanges suffering from attacks. In 2011, the infamous Mt Gox hack announced more than 750,000 Bitcoins were missing from the exchange. Unfortunately for these investors, they were not reimbursed for their losses.

Binance has issued a further security incident update stating they are aiming to resume operations on 14 May 2019 after making significant improvements to their security systems.[7]


[1] Binance, ‘Binance Security Breach Update’ (7 May 2019) https://binance.zendesk.com/hc/en-us/articles/360028031711-Binance-Security-Breach-Update.

[2] Ibid.

[3] Ibid.

[4] Ibid.

[5] Ibid.

[6] Ibid.

[7] Binance, ‘Binance Security Incident Update #3’ (13 May 2019) https://www.binance.com/en/blog/334367288279687168/Binance-Security-Incident-Update-3.