Binance revealed on May 7 that hackers stole 7,000 bitcoin--which is worth nearly $41 million at the current exchange rate--in a single transaction. The company said the hackers also compromised API keys, two-factor authentication codes and "potentially other info."
Here's the good news: Binance said its users won't have to bear any of the costs of this attack. It plans to use the Secure Asset Fund for Users (SAFU) it established in July 2018 to "cover this incident in full." That fund contains 10% of all of Binance's trading fees. Binance said it was set aside "to offer protection to our users and their funds in extreme cases." A $40 million theft qualifies.
Binance added that the hackers were only able to access its "hot wallet," which is Bitcoin storage that's connected to the Internet, as opposed to "cold storage" that is kept offline to make sure the owner's funds aren't vulnerable to attacks like the one discovered on Tuesday. That hot wallet contained just 2% of the exchange's Bitcoin holdings; the remaining 98% should easily cover the cost of this errant transaction.
The attack was said to be fairly sophisticated. Binance said it found evidence of phishing, viruses and possibly other forms of attack. It plans to conduct a security review that it expects to complete within one week. In the meantime, it's suspended all deposits and withdrawals but will continue to allow trades on its platform so its users "may adjust [their] positions if [they] wish" despite the hack.
So far as incidents involving cryptocurrency go, this one appears to have been fairly mild, despite the amount stolen. Binance users shouldn't have to worry about their holdings, which is something that can't be said of many other setbacks. Whether it's hacking, fraud, or some other incident, these problems usually end up costing people who use these exchanges. Let's hope that's not just wishful thinking.