An unknown group of Hackers stole more than 7000 BTC ($41,000,000 USD*) from Binance, the worlds largest cryptocurrency exchange. Binance reported that the hacker used a combination of phishing exploits and gained access to a large number of “API keys, 2FA codes, and potentially other info”. This marks the biggest hack for Binance.
For more information about Binance, check out our Binance Review.
Funds are SAFU
Binance was able to immediate respond that “Funds are Safe” – they have an emergency fund that can easily cover the $41 Million that were stolen. In fact, it is reported that Binance made a profit of $446 Million in 2018 alone, so this hack can easy be covered by the exchange.
As a safety precaution, Binance has halted all deposits and withdraws on the exchange for at least 7 days. The purpose of this suspension is to improve exchange security and reduce the impact of the stolen funds. The exchange still has resumed trading at this time.
We strongly recommended is to keep funds off exchanges and in hardware wallets such as the Ledger Nano X. Exchanges are large targets for hackers – ironically the bigger and more reputable the exchange, the more hackers they attract. Having a Cold Wallet (such as the Ledger or Trezor) allows for storage of cryptocurrency on devices that are not accessible to hackers.
Decentralized Exchanges to the Rescue?
In light of this hack, Decentralized Exchanges (DEX) are becoming more and more promising. With a DEX, users can keep their own funds and be safe from large hacks and suspension in deposit / withdraws. Binance has already been building a Binance DEX, supported by the Binance Chain.
Inside Job?
Various theories have surfaced about the Binance Hack, with some accusing the hack possibly coming for Binance Insiders who know the workings of the exchange and security precautions. Previous Binance talked about their “Big Data” AI which was meant to catch unauthorized withdraws and sim swap attacks
The hot and cold wallet storage of Binance has been extensively analysed by the Hacken Team for any further information.
The report showed that Binance had Internal controls for amount sent and manual review. However it seems hacker managed to withdraw amounts that were just under the manual review threshold. It might be possible that the hacker had information about the internal workings of the Binance defense system and how to bypass it. However, there is no conclusive evidence that it was done by someone inside Binance.
No Rollbacks – Bitcoin is Safe!
There was a proposal to rollback the hacker’s transaction on the Bitcoin Blockchain after the hack was initially discovered. This would reverse the transaction and “thwart” the hacker. This drew the ire of the Bitcoin community is it recognized that even with $41 M bounty to do a reversal, it would be extremely dangerous and near impossible to collude more than 51% of the hash-power.
Whilst Binance CEO Changpeng Zhao “CZ” initially humored this idea, it was quickly refuted.
Many Bitcoin advocates who are familiar the network also pointed to the impossibility of doing a Bitcoin Rollback:
*Assuming $5883 per Bitcoin as the time of writing.