BINANCE

DESCRIPTION OF EVENTS

"Binance is a cryptocurrency exchange which is currently the largest exchange in the world in terms of daily trading volume of cryptocurrencies. It was founded in 2017 and is registered in the Cayman Islands."

"Binance was founded by Changpeng Zhao, a developer who had previously created high frequency trading software. Binance was initially based in China, but later moved its headquarters out of China following the Chinese government's increasing regulation of cryptocurrency."

"Binance, which is based in Taiwan, announced on Tuesday that hackers were able to withdraw about 7,000 bitcoin through a single transaction, amounting to $40 million." "Binance was hacked through its hot wallet, reporting $41 million worth of stolen bitcoin on May 7." "We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks." "The hackers were able to pass security checks completely, although the company acted quickly and halted all withdrawals once aware of the breach."

"Early Tuesday, Changpeng “CZ” Zhao, the chief executive of Binance, took to Twitter to reveal that has platform had to undergo “unscheduled server maintenance” that would “impact deposits and withdrawals”. Interestingly, CZ noted that the “funds are #safu”, evidently trying to reassure users that nothing was amiss." "Binance is not releasing specific details about how the hack was performed at this time, but from what little information has been made public, it is thought that a number of account credentials were collected through phishing attacks and targeted malware."

"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that."

"It is believed that these accounts were then used to initiate a withdrawal of 7074 BTC from the exchange’s hot wallet into multiple wallets controlled by the attacker." “According to reports, hackers used malware and phishing methods to siphon 7,000 BTC – about $41 million – at the time, in a single transaction.” “The hacker apparently patiently executed timely actions through multiple seemingly independent accounts, which is why it wasn’t caught by Binance’s security checks. The withdrawal of the stolen funds triggered Binance’s alarms, but unfortunately they were not able to stop it before it was executed.”

"On Periscope, Zhao gave more details about the hack, saying that it was a very advanced effort executed by “very patient” hackers who waited until they had a number of high net worth accounts." "The company does not know yet exactly how many users were affected."

“Binance said that the wallet affected only had 2% of the company’s total funds.” "The above transaction is the only affected transaction. It impacted our BTC hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed." “The funds from the Binance hack were immediately transferred in several transactions involving much smaller wallets with some eventually converted to fiat and withdrawn.”

"Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time. We beg for your understanding in this difficult situation." "Due to irregular trading on some APIs, Binance will restrict all currently existing API keys to have trading functionality only. These keys will then be removed in full at 2019/05/08 1:30 PM (UTC)."

"The company is currently working with other exchanges to block deposits from hacked addresses. It will be about a week before Binance can release withdrawals or accept deposits again because it needs to “make sure we completely eradicate any trace of hackers in all our accounts and data and that is a pretty tedious process,” Zhao said. He encouraged everyone to change their API keys and two-factor authentication."

In response to questions about potentially issuing a rollback, Zhao said “to be honest we can do that probably within the next few days but there are concerns that if we were to do a rollback on the bitcoin network on that scale, it may have some negative consequences in terms of destroying credibility for bitcoin, so our team is still deciding on that and running through the numbers and checking everything. We will try to maintain very high transparency.” He added that the idea came from the bitcoin community. “I actually did not know we could do that, but there are serious consequences for doing that, so we will take that very cautiously.”

"Crypto users took notice and despite Binance’s native token BNB dropping 16 percent in the days following the hack, consumer confidence is reflected in the fact it was trading up over 60 percent just two weeks later."

"Binance customers won’t lose money, though, thanks to its “Secure Asset Fund for Users,” an emergency insurance fund it’s had in place since July 2018." Binance “insist[ed] that it will refund any affected users.” "Binance will use the #SAFU fund to cover this incident in full. No user funds will be affected." "[Zhao] added that Binance will be able to cover the bitcoin lost without help."

"Also, this was not the largest outlay of cash percentage-wise we have had to endure. Back in Sept 2017, when the Chinese government issued a letter banning ICOs and “recommending” projects to return money to investors. The news alone caused many tokens to drop below their ICO prices, and many project teams couldn't return the whole amount to users. While $BNB stayed strong at about 6x the ICO price, Binance did help a number of projects raise money on our platform that were affected by this policy. So we did a quick calculation: if we were to help cover the losses for our users and for those projects, it would cost us roughly $6,000,000 USD. Putting that in perspective, while we only raised $15,000,000 two months prior, we spent a bunch of money and were barely cash flow neutral at the time. We decided to do it anyway. I was in a moving subway when the team called me, and we made that decision together in less than 5 minutes. That was more than 35% of all the cash we had at that time. The goodwill that that decision generated eventually brought us many users from China and all over the world, helping to fuel our growth. So, this time, this $40m represented a much smaller % of our cash reserves, plus we had the #SAFU fund that could fully cover it."

Binance, the largest exchange in the world, was hacked, and 7076 bitcoin ($41,238 USD) were taken through a complex series of API keys, 2FA codes, and other information. The funds were taken from Binance's hot wallet. Binance's platform suspended deposits and withdrawals for some time while doing their investigation. Binance has offered to cover all losses through the hot wallet insurance through their SAFU (Safe Asset Fund for Users) under which 10% of trading fees are set aside in a separate cold storage for future emergencies.

HOW COULD THIS HAVE BEEN PREVENTED?

While the most secure storage by far is a multi-signature wallet with all keys properly held by trained individuals, security of hot wallets can be improved by having additional experts review the security of systems. Our proposed framework sees 2 reviews prior to launch, and regular reviews on an ongoing basis. In the event of a breach, a comprehensive industry insurance fund would be available, which handles fraud and covers additional events beyond self-insurance.

Check Our Framework For Safe Secure Exchange Platforms

Infographic: An Overview of Compromised Bitcoin Exchange Events (Jan 30)
Upbit Is the Seventh Major Crypto Exchange Hack of 2019 - CoinDesk (Feb 4)
Secure Asset Fund for Users (SAFU) - Definition | Binance Academy (Feb 13)
The biggest cryptocurrency scams and arrests of 2019 - Business Insider (Feb 15)
Binance Is Not Authorized to Operate in Malta, Financial Regulator Says (Feb 23)
Most Significant Hacks of 2019 — New Record of Twelve in One Year (Feb 23)
A Look Back on Some of the Most Devastating Crypto Hacks | Fintech Singapore (Feb 27)
Top 6 Biggest Bitcoin Hacks Ever (Mar 2)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5)
SlowMist Hacked - SlowMist Zone (Jun 26)
The 23 exchange hacks of 2019 (Aug 8)
https://www.pymnts.com/cryptocurrency/2019/major-crypto-hacks/ (Dec 12)
Binance - Wikipedia (Nov 9)
https://www.binance.com/en/support/announcement/360028031711 (Dec 25)
Transaction: e8b406091959700dbffcff30a60b190133721e5c39e89bb5fe23c5a554ab05ea | Blockchain Explorer (Dec 25)
https://www.binance.com/en/support/announcement/360027851252 (Dec 25)
https://www.binance.com/en/support/announcement/360028425911 (Dec 25)
Binance says more than $40 million in bitcoin stolen in ‘large scale’ hack – TechCrunch (Dec 25)
@cz_binance Twitter (Dec 25)
Binance hack: If bitcoin is so safe, why is it a target for thieves? - Vox (Dec 25)
Breaking: Binance Hot Wallets Lose 7,000 Bitcoin (BTC) In "Large Scale" Security Breach (Dec 25)
@binance Twitter (Dec 25)
@cz_binance Twitter (Dec 25)
Binance hot wallet hacked - 7000 BTC stolen : ethereum (Dec 25)
https://micky.com.au/crypto-security-what-we-can-learn-from-the-binance-hack/ (Dec 25)
https://www.binance.com/en/blog/all/security-incident-recap-336904059293999104 (Dec 25)
Binance Twitter AMA with CEO Changpeng Zhao (CZ) - YouTube (Dec 25)
Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (May 16)
Binance margin trading confirmed, security breach update & more - CZ's AMA May 2019 - YouTube (Dec 25)
normal_rc comments on CZ Binance suggests reorging the BTC blockchain to rollback 7000 stolen BTC transaction. (Oct 17)

More case studies

MakerDAO Governance
Vulnerability

Ledger Funds
Stolen Jpeezy555