
$41 Million Stolen from Cryptocurrency Exchange

Those who have invested in Bitcoin have had much to smile about recently. The cryptocurrency rose to 6,000 USD on May 8, the first time it had broken this mark since November of last year. Although nowhere near the 10,000 USD of yesteryear at the height of cryptocurrency popularity, this is still seen as some form of validation for those loyal to the original cryptocurrency. However, for users of the popular cryptocurrency exchange Binance, seen as one of the top five exchanges currently on the market, the price of Bitcoin may be overshadowed by the news that hackers managed to steal 41 million USD from the exchange.

The hack occurred on May 7 and was responsibly disclosed to users of the platform via an official blog post. The company stated that the hackers used a variety of techniques, including phishing and malware, to gain access to user accounts, obtaining API keys, 2FA codes, and potentially other information. The attack appears to have been incredibly well coordinated: at a set time the hackers initiated a mass withdrawal from these accounts, generating a massive 7,074 BTC transaction from Binance's main “hot wallet” to several smaller accounts. The massive withdrawal did trigger numerous alerts and warnings within the Japanese-based exchange, but sadly these warnings came too late to prevent it.

In response, admins froze deposits and withdrawals immediately after and put the site in maintenance mode to investigate the gigantic pile of money that left their platform. Binance stated that,

“The transaction is structured in a way that passed our existing security checks…The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time.”

The company plans to undergo a security audit in the coming week to root out hackers from any other accounts they might still be controlling on the platform.


Further, to the relief of users of the platform, the company announced that they would suffer no loss, as Binance would be absorbing the costs associated with the hack. To do this, the company plans to use its Secure Asset Fund for Users (SAFU) to cover the losses suffered today. The SAFU was created specifically for these types of situations, with the company saying,

“Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”

Not the First Security Incident

In March of 2018, a phishing campaign was blamed for a mass sell-off of currencies which affected multiple users. The hackers behind the attack ran a fraudulent website whose domain name differed only subtly from Binance’s official domain. When users entered their login details, the attackers harvested them and then created a trading API key for each account. These API keys lay dormant until a two-minute period of frantic trading cleared out the compromised user accounts. Fortunately, in this case, Binance’s security protocols were up to scratch and prevented the transactions from completing, resulting in no loss to the users whose accounts had been compromised.
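The pattern described above (API keys created, left dormant, then first used on many accounts within the same two minutes) is something a defender can look for in audit logs. The following is an added example, not Binance's own detection logic; the event fields, the sample events, the 48-hour dormancy threshold and the three-account minimum are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not real exchange data):
# (ISO timestamp, account, api_key, action). Field names are hypothetical.
EVENTS = [
    ("2018-03-01T09:00:00", "acct-a", "key-a", "key_created"),
    ("2018-03-01T12:00:00", "acct-e", "key-e", "key_created"),
    ("2018-03-02T11:30:00", "acct-b", "key-b", "key_created"),
    ("2018-03-03T08:15:00", "acct-c", "key-c", "key_created"),
    ("2018-03-05T10:00:00", "acct-e", "key-e", "trade"),  # dormant key, but alone
    ("2018-03-07T14:00:00", "acct-d", "key-d", "key_created"),
    ("2018-03-07T14:58:10", "acct-a", "key-a", "trade"),
    ("2018-03-07T14:58:40", "acct-b", "key-b", "trade"),
    ("2018-03-07T14:59:00", "acct-d", "key-d", "trade"),  # key used within the hour
    ("2018-03-07T14:59:30", "acct-c", "key-c", "trade"),
    ("2018-03-07T14:59:45", "acct-a", "key-a", "trade"),
]

def find_coordinated_bursts(events, dormancy_hours=48, window_seconds=120,
                            min_accounts=3):
    """Return sorted accounts whose long-dormant API keys were first used
    within window_seconds of each other on at least min_accounts accounts."""
    created, first_use = {}, {}
    for ts, account, key, action in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "key_created":
            created[key] = (when, account)
        elif key in created and key not in first_use:
            first_use[key] = when  # only the first use of each key matters
    dormancy = timedelta(hours=dormancy_hours)
    # Keys whose first use came only after the dormancy period, in time order.
    woke = sorted((used, created[k][1]) for k, used in first_use.items()
                  if used - created[k][0] >= dormancy)
    window = timedelta(seconds=window_seconds)
    flagged, start = set(), 0
    for end in range(len(woke)):
        # Slide the window so it spans at most window_seconds.
        while woke[end][0] - woke[start][0] > window:
            start += 1
        accounts = {acct for _, acct in woke[start:end + 1]}
        if len(accounts) >= min_accounts:
            flagged |= accounts
    return sorted(flagged)

if __name__ == "__main__":
    print(find_coordinated_bursts(EVENTS))
```

Each account looks unremarkable on its own; the signal is the correlation across accounts, which is why the check groups first-use times rather than scoring keys individually.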

Although no real harm to users and investors occurred, the company launched a cryptocurrency reserve worth 10 million USD to fund a substantial reward for anyone with information related to a recent attack on the platform's users. Those with information could earn up to 250,000 USD in Binance Coin (BNB), with immediate effect, out of the fund for information which leads to the legal arrest of those involved in an attack which took place last week. The company went on record at the time to say that,

“Binance has currently allocated the equivalent of $10,000,000 in crypto reserves for future bounty awards against any illegal hacking attempts on Binance…We have also invited other exchanges and crypto businesses to join our initiative. We welcome their participation at any time.”

It is one thing to steal cryptocurrencies and another to launder them into physical funds. Because of this, law enforcement agencies across the globe have increased their capabilities for investigating the laundering of cryptocurrency. In the middle of 2018, CipherTrace released a report which showed a spike in demand from those wishing to launder cryptocurrency. The report showed that hackers were using a range of online tools, including mixers, tumblers, foggers, and laundries, to obfuscate the origin of stolen digital currencies. In fact, certain websites specialize in this, charging a fee for laundering the digital currency and using a process that combines it with other funds in an input pool and then transfers it between exchanges until the origins become unclear. This is done multiple times, making tracing the stolen currency incredibly difficult.

While users can do much to prevent their accounts from being compromised, there is sometimes little that they can do when an entire platform is breached. It has been suggested that exchanges adopt Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in an effort to keep tabs on customers. However, much of the appeal, especially to hackers and cybercriminals, is the anonymity granted by cryptocurrency, so exchanges may be hesitant to adopt such regulations, specifically in areas which do not impose them. Binance appears to be on the opposite end of that scale, wanting to be as transparent as possible and adopting policies to help prevent users from suffering the costs associated with security breaches.


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
