A large-scale security breach has resulted in 7,000 Bitcoins being stolen from a well-known cryptocurrency exchange platform.
Crypto exchange Binance revealed that a significant number of user API keys were stolen by hackers this week. Attackers employed a series of phishing attacks and viruses to steal the API keys, which are codes used for two-factor authentication.
Binance suggested that additional information could have been stolen during the attack. Hackers made away with a staggering $40.6 million (£31m) worth of Bitcoins during this attack, taken from the platform’s ‘hot wallet’ – the platform’s hot wallet is reported to have held around 2% of its total Bitcoin holdings.
This marks another in a series of damaging crypto-related security incidents in the past 18-months. In March last year, adult entertainment platform, SpankChain, announced that Ethereum investors had lost nearly $40,000 (£30,000) following a security breach.
In January this year, Ethereum Classic was hacked using a rare 51% attacks, while the QuadrigaCX exchange platform – Canada’s largest exchange – lost $145 million worth of cryptocurrencies following the death of its CEO in February.
An investigation subsequently found that the deceased CEO’s ‘cold wallets’ had been accessed several months prior to his death.
- Ethereum Classic Hack: Could Bitcoin Suffer a Similar 51% Attack?
- SpankChain Security Breach Loses $40,000 in Cryptocurrency
- ‘Tamper-proof’ Crypto Wallet Hacked by a 15-Year-old
Commenting on the breach, Binance CEO ‘CZ’ said: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.
“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
The firm’s CEO added that once executed, the large-scale withdrawal triggered their systems alarms; at which point the company “stopped all withdrawals immediately.”
Binance said it will conduct a comprehensive review of its security procedures throughout all parts of its systems and data. The firm expects the review will take around one week to complete; during which deposits and withdrawals will be suspended.
The firm commented: “We will continue to enable trading so that you may adjust your positions if you wish. Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime.
“We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”