“Hackers were able to obtain a large number of user API keys, 2FA codes… They used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet,” the start-up said in a statement late on Tuesday.
According to Balance, the world’s largest cryptocurrency exchange by volume, the theft impacted about 2 percent of its total bitcoin holdings.
The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time from a global cryptocurrency exchange.
“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed,” Binance added.
“Once executed, the withdrawal triggered various alarms in our system. The start-up stopped all withdrawals immediately after that.”
Binance said it would conduct “a thorough security review” encompassing its systems and data during the next week.