On May 7, cryptocurrency exchange Binance suffered a devastating data breach. Hackers infiltrated the platform and managed to steal more than 7,000 Bitcoins, worth $42 million. The company’s disclosure statement noted the intruders obtained user application programming interface (API) keys and two-factor authentication codes.
With that data, the operators were able to pull off a coordinated attack that removed tens of millions of dollars from the firm’s hot wallet. As a result of the hack, the world’s largest cryptocurrency exchange lost two percent of its Bitcoin holdings.
How Hackers Pulled Off the Bitcoin Heist
Binance explained the criminal group penetrated its cybersecurity system with a host of different attack methods. The hackers used malware and phishing techniques to harvest the platform’s user credentials. Next, the thieves patiently orchestrated a series of transactions before stealing 7,074 Bitcoins in one withdrawal.
The firm’s statement noted the criminal operators’ diffuse strategy didn’t initially trigger the platform’s security protocols. However, once the infiltrators withdrew funds to a single wallet, the exchange halted all transaction activity. Binance said only its hot wallet was affected, but some individual accounts may still be under the hackers’ control.
The company stated its secure asset fund for users will cover all losses incurred in the hack. Binance also announced it would be suspending all transactions and withdrawals while it further investigated the data breach.
On May 8, CoinDesk reported the hackers moved $7 million of their ill-gotten gains to two different wallets. Blockchain analyst Amy Castor tweeted the operators were shifting funds to make their digital trail harder to follow. In response to “irregular trading activity,” the exchange deactivated its users’ trading API keys Wednesday afternoon.
The Nuclear Option
Shortly after Binance made its data breach disclosure, CEO and founder Changpeng Zhao took to Periscope to answer questions. At one point, the executive confirmed the exchange considered initiating a rollback to recover the lost funds. A rollback would require the firm to convince 51 percent of the Bitcoin network to undo all transactions made during the time the heist occurred.
Zhao’s comments attracted intense criticism because they contravened the perception that the popular cryptocurrency is immutable. His implication that Binance can reorganize the Bitcoin blockchain unsettled traders and analysts.
Ultimately, Zhao declared his company would not attempt to initiate a rollback. If the firm had attempted to undo the multimillion-dollar theft, it wouldn’t be the first time a crypto marketplace took such drastic action.
After hackers stole $50 million from the Ethereum exchange in 2016, the organization reversed the transactions that facilitated the theft. The platform’s decision resulted in a hard-fork split of its token. However, Vitalik Buterin, Ethereum’s co-founder, tweeted his firm’s revision was “surgical” and that a full rollback was never considered because of the collateral damage it would’ve caused.
Cryptocurrency Isn’t Secure
In the direct aftermath of the hack announcement, Bitcoin lost 3 percent of its market capitalization. However, once Binance announced it could cover the stolen assets, the digital currency’s value rebounded. But what happens the next time a large exchange suffers a data breach?
The decentralized nature of cryptocurrency means users are depending on individual exchanges to protect their funds. If a less cash-rich platform takes a hit like Binance, its users might never get their money back. In the first five months of 2019, four major digital token marketplaces have been hacked. Furthermore, three other cryptocurrency exchanges shuttered, leaving users unable to withdraw or transfer their capital.
The cryptocurrency sector desperately needs to enhance its cybersecurity. Hackers shouldn’t be able to make $40 million vanish with one stroke or $180,000 disappear via a fake Twitter account. If the leading exchanges don’t take action, government regulators will eventually step in. When that happens, the autonomy that made cryptocurrency so appealing will be gone.