The cryptocurrency exchange Binance has reported a loss of 7,000 Bitcoins (equivalent to £31.5 million at the time), in a coordinated cyber-attack on a "hot wallet" where two percent of its assets were held. It is reported to be the sixth largest cryptocurrency hiest, and it caused Bitcoin prices to fall four percent.
According to an announcement made by the company, it discovered a "large scale security breach" on 7 May. Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks
"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that," the company said in a statement.
According to the statement, the breach only impacted Binance’s hot wallet, which contains roughly two percent of the exchange’s total bitcoin holdings.
Binance’s CEO, Changpeng Zhao said that the firm would conduct "a thorough security review", which will include all parts of its systems. He added that deposits and withdrawals will remain suspended for the next week, trading will be re-enabled,
"Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets," he added.
Temtum founder and senior cryptography advisor, Richard Dennis, told SC Media UK that this goes to show the power and influence of certain individuals and organisations within crypto, CZ and a handful of Bitcoin devs.
"If this roll-back, essentially the same as a 51 percent attack, was seriously discussed at any point between Binance and Bitcoin developers, then this is a very serious course of action that should now be investigated by all of us involved in the industry, to ensure integrity from those with authority," he said.
"This shows how centralised Bitcoin, exchanges and all cryptocurrencies really are and how no cryptocurrency at the moment can currently stop these potential issues from arising. It’s the responsibility of all of us, to deliver highly secure solutions and deploy networks in the right way to achieve genuine decentralisation sooner rather than later - but not at the risk of the currencies long term suitability as financial products, as we’re seeing with Bitcoin."
Dave Palmer, director of Technology, Darktrace, told SC media UK that cryptocurrency holders needs to take account security as seriously as their bank account security – but as with traditional banking, the user can only do so much to mitigate the risk.
"This includes using trusted computers for transactions, using strong passwords, avoiding storing large amounts of currency in single accounts or mobile wallets," he said.
"Ultimately, cryptocurrency exchanges are going to have to take the same advanced measures as banks to protect against an ever-evolving threat landscape. Cyber-security AI will be a critical part of this, because it can keep pace of very fast-changing data environments and spot problems early – before disaster strikes."
According to a new survey, more than two-thirds of high-net-worth individuals will be invested in cryptocurrencies in the next three years. Carried out by deVere Group, the survey shows that 68 percent of poll participants are now already invested in or will make investments in cryptocurrencies, such as Bitcoin, Ethereum and XRP, before the end of 2022.