It’s happened again. Another exchange has suffered a large-scale hack and theft of cryptocurrency. On May 7th, 2019, hackers withdrew 7,074 Bitcoins from Binance’s hot wallet. Here’s what happened, and the next steps you need to take.
What Happened in the May 2019 Binance Hack?
Binance calls this hack a “large scale security breach”. On May 7th, 2019, at 17:15:24 (UTC), hackers used a large number of “stolen” account details to withdraw 7074 Bitcoins from the Binance exchange.
The hackers made this withdrawal in one transaction, which you can view on the Blockchain.com block explorer. This withdrawal did not trigger any alarms or security checks from Binance. This transaction looked normal to the exchange’s automated security systems. Only once withdrawn did any alarms trigger, which led to an investigation and discovery by the Binance team. Binance immediately halted all withdrawals from their system.
It’s important to note that this hack only impacts Binance’s Bitcoin hot wallet, which represents roughly 2% of their total Bitcoin holdings. The other 98% of their Bitcoin holdings are in various other wallets and are not affected.
How Did the Binance Hack Happen?
As this hack is still under investigation at the time of writing, the exact details are still unknown. The Binance team are working on a security review and will share more information as they learn the details. Binance CEO Changpeng Zhao says:
“We must conduct a thorough security review. The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress.”
What we know so far is that the hackers “…used a variety of techniques, including phishing, viruses and other attacks”. It sounds like the hackers compromised many user accounts, which were then used to fund this transaction. We must stress that until the full details of the investigation emerge, this is all speculative.
To keep track of any new announcements, take a look at the Binance latest news page.
Are Any User Funds Affected?
Yes and no. While all funds held by exchanges are user funds, it’s not as simple as saying “they lost money, so they lost my money”. Exchanges often store your funds in an exchange-owned wallet alongside funds from many other users. They often use a “traditional” database to track the funds between users. This makes trading super quick and means any trades within the exchange network don’t have to go over the blockchain.
Binance took precautions to mitigate their liability in the event of theft on this scale. On July 3rd, 2018, Binance announced the Secure Asset Fund for Users (SAFU). This name comes from a community meme, but more importantly, it’s a fund set aside to cover any funds lost in extreme circumstances such as this hack.
Binance allocates 10% of all their trading fees to this fund. Given that Binance is the fifth largest cryptocurrency exchange by volume, and that Changpeng Zhao is worth an estimated $1.4 billion, it’s safe to assume that this “insurance policy” contains more than enough funds to cover these losses.
To prevent this fund from getting hacked in the same way, mismanaged, or otherwise “confused” with the main trading accounts, Binance stores this fund in its own cold wallet.
Are There Any Other Consequences?
As this attack may be a phishing attack, it’s possible that hackers know your Binance username and password, and potentially even more information such as your email address, phone number or more.
If you’ve used the same password across all your web accounts or shared your Binance password with other web services, the hackers could access your other systems by trying your Binance username and password.
If you use any API keys to trade or view data on Binance, they may no longer work. Binance has reset all API keys, as it’s a possibility that hackers used these to execute their trade.
The hackers may also have access to any multi-factor authentication codes or emergency account access you use to log in to the Binance platform.
What Stops This Happening Again?
Cryptocurrency seems to be suffering from something of a crime wave. Dan recently discussed all the lessons to learn from the 2019 crypto hacks, so there appears to be no shortage of nefarious deeds.
Binance considered a 51% hard fork, whereby the current Bitcoin blockchain would “roll back” all the transactions since before this hack as if it never happened. They decided against it, due to the harm and division it may cause the community. You only have to look at Ethereum and Ethereum Classic for an example of this happening.
While the Binance team are still investigating the details behind the hack, the only thing we can be certain of is that Binance will take whatever precautions they deem necessary to protect their funds.
While it is unfair to say Binance don’t care about users, they care more about people using their platform. If people lose faith in Binance, they will stop trading on it. This leads to a reduction or total loss of trading fees for Binance, and ultimately their whole business. It’s in their best interests for Binance to take steps to protect their systems, to prevent anything like this from happening to them again.
Steps to Take Right Now
If you’re a trader or even hobbyist Binance user, there are several simple steps you must take right now to protect yourself:
- Change your Binance password
- Update your Binance multifactor authentication codes
- Update your Binance recovery codes
- Regenerate your Binance API keys (if used)
- Change your passwords on any other websites that have the same password as your Binance account
While you don’t have to do anything to claim your funds back, you should change all your Binance passwords and access codes. Finally, keeping funds on an exchange is not the best idea from a security perspective, because hacks like this can happen!
This hack sits alongside some of the worst cryptocurrency hacks in history. Let us know in the comments section your thoughts on this hack.