HONG KONG – Binance, one of the world’s largest cryptocurrency exchanges, said hackers withdrew 7,000 bitcoin worth about $40 million via a single transaction in a “large scale security breach,” the latest in a long line of thefts in the digital currency space.
The hackers used a “variety of techniques,” including phishing and viruses, to obtain a large amount of user data, Binance said in a post on its website. There may be additional accounts that have been affected but not yet identified, Binance said.
The company will use its Secure Asset Fund for Users, an emergency insurance fund, to cover the incident in full and no user funds will be affected, it said.
The transaction was limited to Binance’s bitcoin hot wallet, which contained about 2 percent of the company’s bitcoin holdings, according to the post. Other wallets are secure and unharmed, the exchange said.
The 7,000 bitcoin are worth roughly $40 million, based on current bitcoin composite pricing calculated by Bloomberg. Bitcoin had pared some losses as of 10:05 a.m. in Hong Kong after dropping as much as 3.1 percent to a low of $5,665. The broader Bloomberg Galaxy Crypto Index also dipped.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” according to the post, written by Binance’s Chief Executive Officer Zhao Changpeng. “We must conduct a thorough security review. The security review will include all parts of our systems and data.”
Binance estimates the review will take a week, during which time all deposits and withdrawals will remain suspended, while trading will continue to be enabled to allow investors to adjust their positions. The hackers may still control some user accounts and may “use those to influence prices in the meantime,” the exchange said.
The hackers structured the transaction to bypass existing security checks, and Binance was unable to block the withdrawal before it was executed, according to the post. Once the transaction was executed, it triggered alarms on Binance’s system and all withdrawals were stopped immediately after that, the post said.
In a tweet linking to the post, Zhao said it was “not the best of days, but we will stay transparent.”