Hackers steal $41m of Bitcoin in Binance security breach

Graphic of a person stealing cryptocurrency from a laptop

Approximately 7,000 Bitcoins were illicitly withdrawn from a widely-used cryptocurrency exchange platform in a "large scale security breach" yesterday.

Binance has confirmed that hackers used phishing, viruses and other attack techniques to seize a large number of user API keys, codes used for two-factor authentication (2FA) as well as "potentially other info".

They also made away with more than $40.6 million worth of Bitcoins in a single transaction from the platform's hot wallet, which contained approximately 2% of its total Bitcoin holdings.

Bitcoin news: Major retailers offer support for bitcoin payments Quadriga's cryptocurency goes missing in fresh revelation to the saga Hackers infiltrated analytics platform used by 2m sites to syphon Bitcoin from gate.io

"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time," said Binance CEO 'CZ'.

"The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.

"Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that."

Binance will now conduct a thorough security review including all parts of its systems and data, expected to take around a week to complete. During this period, deposits and withdrawals from the platform will remain suspended.

CZ also warned that hackers may still be controlling certain user actions in order to influence cryptocurrency price fluctuations.

But this announcement by Binance, in particular, could have a more longer-term damaging effect on cryptocurrencies, according to cyber security specialist with ESET Jake Moore.

"After the rise and fall of crypto in 2017, people have exercised caution when it comes to digital currencies, so this could dramatically affect the volatility of the currency if people question the security of their finances," said Moore.

"It seems to be a very well thought out and targeted attack with a damming outcome for all involved, so it goes without saying that everyone with a Binance account should change their API keys and two-factor authentication methods. Fortunately, those who have been affected will be reimbursed, but who knows how long they will remain customers."

This is yet another massive security incident to affect the cryptocurrency landscape, following several high-profile incidents within the last 12 months - but not necessarily from outside access.

Canda's largest exchange platform QuadrigaCX, for example, lost $145 million worth of crytocurrencies after its CEO died in February. When his 'cold wallets' were cracked a month later, however, investigators learned they were cleaned out months prior to his death.

Keumars Afifi-Sabet is the Features Editor for ITPro, CloudPro and ChannelPro. He oversees the commissioning and publication of in-depth and long-form features across all three sites, including opinion articles and case studies. He also occasionally contributes his thoughts to the IT Pro Podcast, and writes content for the Business Briefing. Keumars joined IT Pro as a staff writer in April 2018. He specialises in the public sector but writes across a breadth of core topics including cyber security and cloud computing.