Here’s What You Should Know About Last Week’s $40 Million Binance Hack

The CEO does not expect customers to be affected while the exchange reevaluates its security.

By Rakesh Sharma


Last Monday, Hackers stole 7,000 Bitcoin from Binance, the world’s largest cryptocurrency exchange. The Hong Kong-based exchange described the hack as a “large scale security breach” and said hackers had also stolen API keys, two-factor authentication codes and other secure information. At the time, the Bitcoin were worth approximately $40 million, making it the sixth largest hack of a cryptocurrency exchange on record.  

According to a post by Binance CEO Changpeng Zhao, hackers withdrew 7,000 BTC from one transaction contained in a Bitcoin hot wallet. It contained approximately 2% of Binance’s overall BTC holdings. “The hackers had the patience to wait and execute well-orchestrated actions through multiple seemingly independent accounts at the same time,” said Zhao.

The Binance hack is the second major event to roil cryptocurrency markets in a month. On April 25, the New York Attorney General filed a case charging the Hong Kong-based exchange Bitfinex with wire fraud and misleading investors about its stablecoin.

After a brief dip in prices on Tuesday, Bitcoin quickly recovered to resume its upward trajectory. It has gained over 18% since last week and is currently trading at $7,824.99. Cryptocurrency markets have responded in kind, and total crypto market capitalization has since exceeded $200 billion.

Customer Funds Unlikely to Be Affected, Said CEO

Binance has promised to cover losses for customers from its Secure Asset Fund for Users (SAFU). That said, Zhao noted that hackers may still be in control of certain accounts and “may use those accounts to influence prices in the meantime.” However, with withdrawals disabled, there isn’t much incentive for hackers to influence markets, he explained. Some analysts have pointed to Binance’s trading volume — approximately $6.3 billion shortly after the attack — as proof that the hack will not seriously affect its operations. That number is now closer to $3 billion. Another analyst is tracking the movement of the stolen Bitcoin through wallets.   

Steps to Counter Hackers

The exchange has already stopped deposits and withdrawals for one week — the amount of time it will take for Binance to conduct a thorough security review of their systems. In a security update posted on its blog, the exchange has announced that deposits and withdrawals will resume on Tuesday, May 14. Trading on the exchange continues as before, but will be halted briefly on Tuesday during upgrades to its security systems.

Is Rolling Back Bitcoin’s Blockchain An Option?

Zhao set off a panic on Crypto Twitter following the hack by seeming to suggest rolling back Bitcoin’s blockchain to a previous state, in order to nullify or erase the transaction responsible for the hack. A similar proposition was raised during the DAO hack in 2016, when Ethereum’s blockchain was hacked to the tune of 3.6 million Ether. The community and the Blockchain forked to accommodate investor demands, resulting in the birth of Ethereum Classic.

“[It takes] only a handful of miners [to roll back to a previous state],” Cornell University computer science professor and co-director of its Initiative for Cryptocurrencies and Contracts, Emin Gün Sirer, explained to Wired. “And perhaps [the miners] wouldn’t do it for $40 million but there is a price at which they would do it.”

This time around, though, critics balked at the idea of rolling back Bitcoin’s blockchain.

“If it were to happen, it would undermine confidence in BTC, whose main claim to fame has always been security and immutability,” said Sirer.

Zhao later clarified that he did not suggest a rollback. Rather, he claimed he wanted to create a transaction that would “keep all other transactions, and just distribute the hacker coins to miners (about 300 BTC per block producer).” In other words, miners would get back the coins they had previously mined. But this suggestion was also considered controversial — and technically inaccurate — by members of Bitcoin’s core development team.

What Next?

As things stand, any customer losses will be covered by SAFU, as Binance reviews its security protocols. The exchange also issued an update stating that the API keys, some of which were stolen in the hack, have been reset to have trading functionality only. This means that customers will not be able to withdraw or deposit funds to their accounts on the exchange, and will be restricted to trading.





This website is for information and illustrative purposes only. It is not, and should not be regarded as "investment advice" or as a "recommendation" regarding a course of action, including without limitation as those terms are used in any applicable law or regulation. See Disclaimer.