Binance Experiences Massive Security Breach

Over the last few weeks, it has been nothing but good news for Binance. They were moving forward with several projects and doing well even through the crypto winter. It seems like that has finally come to an end with the announcement that hackers have stolen $40 million of Bitcoin.

The breach occurred on May 7th, and hackers were able to use a whole array of methods (phishing and viruses) to obtain sensitive user information. With 2FA codes and other key info, they withdrew 7,000 BTC. The total value of these Bitcoin at the time of writing this is around $40 million. No other withdrawal transactions have occurred as of yet.

Details Still Being Released

The money was withdrawn from Binance’s hot wallets, according to Binance CEO Changpeng Zhao. Luckily, these wallets contain only 2% of the exchanges total Bitcoin holdings, and no other wallets were affected. Although deposits and withdrawals have been suspended while a security review is underway, trading will still go on. However, CZ has cautioned:

“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”

A Twitter AMA followed as more details are revealed. The final count of stolen BTC was 7,070 and CZ emphasized the need for rebuilding and recovering at Binance. The hackers were apparently very patient, and waited until they had amassed a significant amount of account data before starting to execute the attack.

Potential Blockchain Re-Org

Another point of concern was that Binance was considering incentivizing a blockchain re-org. This would have seen miners be incentivized to reverse the effects of the attack  using 51% of the hashing power. Not only would this have been risky, but it also would have compromised the integrity of Bitcoin, which would have cost a lot more than $40 million.

The fact that this idea was even floated attracted significant pushback from commenters. Centralized moves like this are exactly what Bitcoin is about avoiding, and most view the centralized nature of major exchanges like Coinbase or Kraken as a debilitating factor.

CZ was able to distract from this a bit by announcing that Binance does intend to launch margin trading soon. Bitcoin, as well as Ethereum, Ripple, and several other altcoins, will soon have margin support once the beta testing is done.

Implications for the Sector

As the largest cryptocurrency exchange by daily trade volume, this is major news for what it implies about the industry. Binance does have a Secure Asset Fund for Users that will cover the incident. Their emergency preparedness is commendable, but users are likely still spooked by the prospect of funds and accounts be compromised.

All of these leads us to ask the even bigger question: if Binance can be compromised, what exchange is our cryptocurrency safe with? There have been several other big crypto exchange hacks so far this year (Cryptopia, DragonEx, and Bithumb) as well as the fall of QuadrigaCX, but this is the largest and most worrisome. Hopefully Binance is able to get back to regular operations after their week of downtime, and this makes them even stronger than before.