Hackers stole $40 million from a major Bitcoin exchange

Binance users won't lose any money thanks to an emergency insurance fund.

Binance, one of the world's largest cryptocurrency exchanges, announced that it lost $40 million (7,000 Bitcoins) in a "large scale security breach." The company said that hackers accessed a hot wallet that contained about two percent of its total BTC holdings. They used phishing and viruses to obtain user data and managed to bypass security checks, preventing Binance from blocking the transaction. The company said that "no user funds will be affected," as has an emergency fund that will cover the incident "in full."

"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time," wrote Binance CEO Zhao Changpeng in a statement. "We must conduct a thorough security review. The security review will include all parts of our systems and data."

Binance was unable to block the transaction, but it triggered an alarm and the company shut down all deposits and withdrawals. While trading can continue, all transactions will reportedly take a week to complete. "Deposits and withdrawals will need to remain suspended during this period of time. We beg for your understanding in this difficult situation," the exchange wrote. "We will continue to enable trading, so that you may adjust your positions if you wish. Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime."

Cryptocurrency exchanges have a sordid history, with hacking and theft rampant. One of the messiest sagas occurred recently with Canada's QuadrigaCX exchange. Co-founder and CEO Gerald Cotten passed away in December 2018, and it turned out he was the only one who could access the company funds, leaving creditors high and dry. Last year, Coincheck lost $400 million worth of cryptocurrency in a hack and BitfinX lost $64 million in 2016. Perhaps the most famous, which helped kick off this trend, was the hack that brought down Mt. Gox in 2014.