Binance was “hacked” and has $40M in unauthorised withdrawals.
Why do I think this is not a hack? What does the media have incorrect?
Binance says in their PR that it was user API keys that were compromised, not their own infrastructure. It is users’ responsibility to protect their own IT equipment. Likely these users were using a third party trading bot service – either a hosted one or one downloaded to your PC.
Facts supporting this theory:
- This is not generic phishing/consumer hacking as one could spread withdrawals over a long time
- Third parties/trading bot makers are not tech savvy enough to protect their systems with customer API keys
- Binance insider job seems unlikely, as the hot wallet was only partially emptied
A trading bot service gets compromised. Binance ends up bailing them out for 40,000,000 USD.
A clever hacker would even mix his own funds into the “stolen” funds and call it a hack, as friendly fraud, to get some bonus money. Further escalated: if it is a third party who was using API keys, Binance cannot know if this is a conspiracy and not a hack.
Binance could have more manual withdrawal checks in place. $40M may or may not be that much in withdrawals for them.
The long term solution for the cryptocurrency industry is to have more checks and controls in place. In the ultimate form this means more regulation. Under regulation, third party services with weak security touching client money would not have been allowed to operate in the first place.