Hackers have stolen 7000 bitcoins worth $40 million in one transaction on crypto exchange Binance.
Binance announced this morning that it had discovered a "large scale security breach" involving the theft of user API keys, 2FA codes, and potentially other info, alongside the withdrawal of 7000 bitcoins.
The hackers used a variety of techniques, including phishing, viruses and other attacks, says Binance.
"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks," states the firm. "It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that."
Binance has suspended all deposits and withdrawals for at least a week while it undertakes a security review. The company says that no users will suffer any losses as a result of the breach, which was covered by an emergency insurance fund.
"We will continue to enable trading, so that you may adjust your positions if you wish," the firm tells users. "Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets."