Obviously, everyone’s eyes in the crypto world today are pointed to Binance, amid the announced hack of 7,000 bitcoin or nearly $40 million worth of Bitcoin. Quickly conspiracy theories started to build up implying that the occurrence probably might not have been really a hack.
Unclear Statements from Binance
Tuesday, Binance, the largest crypto exchange in the world, announced that it was hacked losing 7,000 BTC which are worth around $40 million at the actual bitcoin price
They clearly state in the announcement that the security breach did not target Binance’s safety measures, but instead had the clients as a target:
“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.”
What the above statement actually means is that Binance itself was not hacked but hackers were able to obtain sensitive data directly from users, which later was used to steal the funds.
The official announcement additionally says that all the 7,000 BTC that was stolen from the exchange was sent out in a single transaction explaining how that happened:
“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”
The announcement does not explain why they were unable to block this withdrawal and what was so special about its structure.
What about Binance Withdrawal Limits and KYC?
Binance has 3 levels of verification. The first level allows users to withdraw 2BTC, the second allows 100 BTC and the third is customizable for large user accounts.
For the first level users, to withdraw 2 BTC, no verification is needed. For the second level Binance requires a lot of documents from the users to raise for them the withdrawal limit to 100 BTC. For the third level, the verification process must be more complex than level 2.
So how could be possible that such a large single transaction, like the one in the security breach announcement above, passed undetected by Binance security systems?!
In addition, the supposed hacker that was clever enough to hack whales on Binance, then he sent the stolen BTC to SegWit addresses where funds ane not spendable, adding more questions without an answer to the matter.
It is very strange to me that someone would have the intelligence, resources, savvy & access to hack major ‘whales’ on Binance’s platform via API, yet be so incompetent as to drown $40 million in addresses where the funds can’t be spent.
— CryptoMedication (@ProofofResearch) May 8, 2019
What are your thoughts about the Binance hack? Feel free to post it in the comments below.
Edit: The claim about the BTC being unspendable revealed to be incorrect, and some funds were moved from the SegWit addresses.