The company announced that the breach was detected on May 7 at 12:15 p.m. EDT. In addition to stealing bitcoins, the hackers made off with a large number of user API keys, 2FA codes, and “potentially other info.”
Binance wrote that the hackers withdrew around $41 million worth of bitcoin in a single transaction that affected its hot wallet, which contained around 2 percent of the firm’s total bitcoin holdings. “All of our other wallets are secure and unharmed,” said CEO Changpeng Zhao.
The attackers used several techniques to carry out the heist, including phishing and viruses.
“The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” Zhao wrote. “The transaction is structured in a way that passed our existing security checks. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
Zhao warned that as the attackers were able to steal some user information, they "may still control certain user accounts and may use those to influence prices."
While the company investigates the breach, all deposits and withdrawals will remain suspended, but trading will not be affected. This suspension will last about one week to “make sure we completely eradicate any trace of hackers in all our accounts and data and that is a pretty tedious process,” said Zhao.
Worried customers will be pleased to hear that the stolen bitcoins are covered by Binance’s Secure Asset Fund for Users, an emergency insurance fund set aside for such incidents. It’s still not known how many users were affected by the breach.