Binance described the digital heist, which occurred Tuesday (May 7), as a “large scale security breach,” as the thieves used several attack strategies and were also able to access user information such as login authentication codes. The platform said it was able to trace the stolen funds back to a single digital wallet.
In a statement, the company said, “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
The attack is said to have affected about two percent of their current Bitcoin holdings, which were stored in a “hot wallet.” The term refers to a place to store digital currency on the internet, whereas a “cold wallet” stores digital funds offline.
The company has responded by placing a hold on deposits and withdrawals, but will allow trading. In addition, Binance promised that no user funds would be affected, as they intend to cover the loss in full.
“Right now, our main effort is to focus on rebuilding and recovering the system,” Changpeng Zhao, founder of the crypto platform, said during a livestream. “We need to make sure that we completely eradicate any trace of the hackers in all of our accounts, in all of our data.
— Binance (@binance) May 8, 2019