Binance, the world’s largest by-volume cryptocurrency exchange, reported this Tuesday that hackers have stolen more than 7,000 Bitcoin from them.
Binance’s CEO, Changpeng Zhao, announced in a letter that a “large scale security breach” was discovered on May 7th, and that malicious actors had been able to access user API keys, two-factor authentication codes and “potentially other info”.
The hackers were able to withdraw approx. $41 million (£31.45m) in Bitcoin from the exchange, according to a transaction published in the security notice.
After the disclosure, Changpeng Zhao tweeted that the exchange would “provide a more detailed update shortly”.
According to the statement from Binance, the hacking breach only impacted Binance’s hot wallet, which contains around 2% of the exchange’s total Bitcoin holdings with Zhao stating that “all of our other wallets are secure and unharmed”.
Zhao continued: “The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb has commented: “Technical details of the breach still remain obscure and it would be premature to make any conclusions at this point of time.
“Today, all cryptocurrency-related businesses should be well prepared to defend against constant and sophisticated cyberattacks. In reality, however, virtually all of them underestimate or ignore digital risks and allocate scant resources for cybersecurity. Most have to compete on a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.
“To bring certainty to the cryptocurrency markets clear regulatory standards are required, such as is PCI and PA DSS. Even if they are not a silver bullet, they greatly reduce both the number and average volume of credit cards theft.”