The attack was extremely well planned, and the hackers took their time, using different tactics to obtain not only user funds, but even more worryingly, user information such as 2FA codes and API keys.
The hackers were able to bypass Binance’s strong security and all the rules put in place to stop such an attack. The warning signals only went off when the BTC was already moved off the exchange to a single bitcoin wallet.
Binance assured users that their funds are safe and that it would be covered by the SAFU fund put in place for this very reason.
SAFU Fund: “SAFU, the Secure Asset Fund for Users is an emergency insurance fund. On the 3rd of July, 2018, Binance announced the Secure Asset Fund for Users.
“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.” Source
The hackers were extremely patient and only started the withdrawal process after they had a number of high value accounts under their control.
Hacked exchanges are sadly an everyday occurrence but it is worrying that what is perceived as one of the safest exchanges in the world can suffer a hack of this size. The cryptocurrency world still has some ways to go before users can ever feel safe 100%, if that is even possible. Banks have never found a way to keep funds 100% so it would be even harder to accomplish with an asset that was designed to be easy to transfer anywhere in the world in seconds.
Many in the community have rallied around Binance, with controversial TRX founder Justin Sun tweeting soon after the news broke out, with an offer to deposit $70 million into the exchange to ally fears
To support @binance , I will personally deposit 7000 BTC worth USDT (40 million USDT) into @binance to buy $BNB, $BTC , $TRX & $BTT if @cz_binance agrees. No need to #FUD! Funds are #SAFU!
— Justin Sun (@justinsuntron) 8 May 2019
The price of Bitcoin has not seen a large movement in price at the time of writing and it might be that users feel satisfied by the way Binance has handled this attack. Or it might be that users are not affected by exchange hacks anymore since it has become a regular occurrence.
All withdrawals and deposits are presently still suspended, although trading is allowed so that users might manage open trades.
For now it is advised that all users change their passwords, update their 2FA or enable it if not yet done. At the end of the day the responsibility to keep your funds safe lies with you. It also shows that for now hard wallets like Trezor vs Ledger’s are still your safest bet.
Further reading: CRYPTOCURRENCY SECURITY GUIDE: HOW TO GUIDE ON PROTECTING YOUR CRYPTO