Cryptocurrency trading hub Binance, one of the world’s largest, has confirmed it lost about 7,000 Bitcoins (around $40 million) to hackers after its so-called “hot wallet,” i.e. one connected to the internet and used to process transactions, was breached, Bloomberg reported on Tuesday.
The hot wallet in question contained about two percent of Binance’s holdings and was robbed in a single transaction, Bloomberg wrote. Binance wrote in a statement that they were aware the hackers involved “used a variety of techniques, including phishing, viruses and other attacks,” though the company was “still concluding all possible methods used” and there may be “additional affected accounts that have not been identified yet.”
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” Binance CEO Zhao Changpeng wrote in the statement. “We must conduct a thorough security review. The security review will include all parts of our systems and data.”
Binance said that it would cover any losses in full using its Secure Asset Fund for Users, an insurance reserve set up for this type of situation, Bloomberg wrote. The news network added that Binance said automated systems triggered an alarm during the incident, though it was unable to prevent the attack’s success, and it estimates a security review and temporary halt to all deposits and withdrawals will take a week to complete:
Binance estimates the review will take a week, during which time all deposits and withdrawals will remain suspended, while trading will continue to be enabled to allow investors to adjust their positions. The hackers may still control some user accounts and may “use those to influence prices in the meantime,” the exchange said.
The hackers structured the transaction to bypass existing security checks, and Binance was unable to block the withdrawal before it was executed, according to the post. Once the transaction was executed, it triggered alarms on Binance’s system and all withdrawals were stopped immediately after that, the post said.
According to industry publication CoinDesk, major cryptocurrencies including Bitcoin took a hit as a result of the news—though the hack followed a Bitcoin rally of about nine percent over the past week.
In December 2017, Bitcoin hit a peak value of nearly $20,000 before crashing hard, with its value now sitting slightly below $5,800. The industry has long been plagued by scams and allegations of suspicious business practices. In addition to reports that organized cybercriminals are likely behind hundreds of millions in theft, numerous companies that drew investors with offerings of tokens instead of traditional stock have flatlined or gone bust, and one exchange alone recently claimed to have lost $180 million in cryptocurrency when its owner died and took critical passwords with him.
Researchers have concluded Bitcoin’s original rise in value may have been largely due to market manipulation. New York authorities recently said they believed the operators of the alleged “stablecoin” Tether, one of the cryptocurrencies implicated in that market manipulation, may have been “engaged in a cover-up to hide the apparent loss of $850 million dollars of co-mingled client and corporate funds.”