For several hours on March 7, 2018, the crypto world was rocked with what appeared to be yet another cryptocurrency exchange hack. Social media networks like Twitter and Reddit were awash with angry Binance account holders proclaiming that their coins were being sold off without their consent.
So, was the Binance exchange hacked and would it be added to the growing number of earlier exchange hacks like Mt. Gox, Bitstamp, Bitfinex, and Bitgrail?
Binance was quick to acknowledge via Twitter that they had a problem but initially this just forced the market down further. They announced that their alert system for abnormal trading had kicked in and they had locked down the exchange (i.e., no withdrawals would be permitted until further notice).
Over the next few hours, speculation mounted that this was going to be another black day for crypto. News filtered through that the hack may have involved API access that some account holders use for automated trading on the exchange. This was ruled out reasonably quickly as some victims hadn’t enabled API access on their account.
Finally, the explanation was that the hack was caused by a major phishing campaign, orchestrated about a month earlier when Binance servers went down for almost two days. At that time, Binance provided regular Twitter updates about the server recovery process. Fake Twitter accounts for Binance were created in which they apologized for the server downtime and announced bonus tokens for the inconvenience. It appears that many people were taken in by the fake accounts and unwittingly gave their account details to the hackers.
A full breakdown of what Binance has currently established and the action they have taken can be found here. Overall, Binance did a pretty good job of handling the incident, and this should give us all some comfort that exchanges have monitoring systems in place. Hopefully, the exchanges learn a little more from each hack but, rest assured, it will be an ongoing challenge to keep the hackers at bay.
With the huge sums involved, it’s almost inevitable that more exchanges will be hacked at some point in the future. If you were a hacker would you spend all your time trying to hack a random individual’s PC in the hope that you struck lucky and they were obscenely rich, or would you target an exchange with hundreds of millions of dollars worth of cryptocurrency on hand?
By all means, use exchanges to buy and sell different cryptocurrencies and use a proportion of your stash to day-trade if you wish to, but don’t keep all your digital assets on a single exchange. The bulk of your investment in crypto should be held offline in hardware or paper wallets. If you are planning to day-trade, split your crypto up over at least 3 or 4 different exchanges to mitigate any potential losses to hackers.