Crypto Venue Loses $40 Million to Hack

This article is being republished as part of our daily reproduction of WSJ.com articles that also appeared in the U.S. print edition of The Wall Street Journal (May 9, 2019).

Binance, one of the world’s largest cryptocurrency exchanges, said hackers stole more than $40 million worth of bitcoin from its platform in what it called a “large scale security breach.”

The theft offers another example of the vulnerability facing cryptocurrencies and the venues where investors trade them. Yet the price of bitcoin and other digital currencies barely budged after the robbery was disclosed Wednesday morning in Asia.

Binance said it discovered Tuesday that 7,000 bitcoins were stolen from a single wallet, amounting to roughly 2% of the company’s total bitcoin holdings.

Hackers used phishing, viruses and other techniques, the company said. Binance said they had obtained information about multiple users, including two-factor authentication codes. Industry participants said they believed it was the rst major breach at Binance.

Binance, which was founded in China but now operates outside the country, said it was suspending deposits and withdrawals for one week while it conducts a security review, although users will still be able to trade existing funds. Stolen funds would be refunded through its emergency insurance account, the company said.

“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time,” Binance said. “The transaction is structured in a way that [it] passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed.”

In a video posted on Twitter following the disclosed hack, Changpeng Zhao, chief executive at Binance, described the incident as “a very advanced, persistent hacking effort.” He said trading might need to be halted “for a couple of hours here and there” due to system upgrades.

He said Binance has the funds to back the stolen amount. “It does hurt very much but we are able to cover that,” he said in the video. “We are not short on funds right now,” he added.

Hacks were a primary reason for bitcoin’s steep fall last year following its manic rally in 2017. While bitcoin, the largest cryptocurrency by market value, is up more than 50% so far this year, it remains down by about 70% from its record high in December 2017.

“People are quite used to exchange hacks,” said John Patrick Mullin, a cryptocurrency investor and blockchain consultant in Hong Kong. “Markets didn’t move nearly as much as they would’ve one year ago if the same thing happened.” Bitcoin recently traded around $5,800, according to CoinDesk.

Cryptocurrency exchanges and investors are often targeted by hackers. More than $1.7 billion has been publicly reported stolen over the years, mostly from exchanges in Asia, including Japanese platforms Mt. Gox and Coincheck. Last month, the New York attorney general’s office said an exchange called Bitnex had covered up a loss of $850 million of corporate and customer funds by using the reserves of the digital currency it controls, tether.

Bitcoin and other cryptocurrencies exist on independent networks and operate on the blockchain, a public record of transactions. In an effort to replicate the anonymity of physical cash, those transactions aren’t connected to an identity. The anonymity is appealing to bitcoin proponents but is also attractive to hackers and makes it tough to catch thieves.

“Hacking risks are part of the business reality for crypto exchanges,” said Henri Arslanian, global crypto leader at PwC. “While crypto exchanges are becoming increasingly better prepared, hackers are becoming increasingly sophisticated as well.”