Binance, one of the world’s largest cryptocurrency exchanges, said hackers withdrew 7,000 Bitcoin via a single transaction in a “large scale security breach”, the latest in a long line of thefts in the digital currency space.
The hackers used a “variety of techniques” including phishing and viruses to obtain a large amount of user data, Binance said in a post on its website. There may be additional accounts that have been affected but not yet identified, Binance said.
The transaction was limited to Binance’s BTC hot wallet, which contains about 2 per cent of the company’s Bitcoin holdings, according to the post. Other wallets are secure and unharmed, the exchange said.
The 7,000 Bitcoin are worth roughly $40 million, based on current Bitcoin composite pricing calculated by Bloomberg. Bitcoin dropped as much as 3.1 per cent to a low of $5,665 at 9.19am in Hong Kong. The broader Bloomberg Galaxy Crypto Index also dipped.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” according to the post, written by Zhao Changpeng, Binance’s chief executive officer. “We must conduct a thorough security review. The security review will include all parts of our systems and data.”
Binance estimates the review will take a week, during which time all deposits and withdrawals will remain suspended, while trading will continue to be enabled to allow investors to adjust their positions. The hackers may still control some user accounts and may “use those to influence prices in the meantime,” the exchange said.
The hackers structured the transaction to bypass existing security checks, and Binance was unable to block the withdrawal before it was executed, according to the post. Once the transaction was executed, it triggered alarms on Binance’s system and all withdrawals were stopped immediately after that, the post said.
In a tweet linking to the post, Mr Zhao said it was “not the best of days, but we will stay transparent”.