Cryptocurrency exchange Binance has confirmed a “large scale” data breach, in which hackers stole more than $40 million in cryptocurrency
In a statement, the company said hackers stole API keys, two-factor codes and other information in the attack.
Binance traced the cryptocurrency theft — more than 7,000 bitcoins at the time of writing — to a single wallet after the hackers stole the contents of the company’s bitcoin hot wallet. Binance, the world’s largest cryptocurrency exchange by volume, said the theft impacted about 2 percent of its total bitcoin holdings.
“All of our other wallets are secure and unharmed,” said the statement.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” the statement read. “The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
“Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,” the statement said.
Binance said its secure asset fund for users (SAFU) will cover user losses.
Until the company’s investigation is complete, deposits and withdrawals will remain suspended but trading will remain open.
Binance chief executive Changpeng Zhao is set to hold a Twitter ask-me-anything session in the coming hours. TechCrunch will bring you more once we have it.
This post was originally posted at http://feedproxy.google.com/~r/Techcrunch/~3/9dtbf-HX5VE/.