In the field of digital currency, Binance has attracted much attention as a well-known trading platform. However, a recent shocking incident has thrown the digital giant into trouble. It is said that the Binance trading platform suffered a theft and 7,000 Bitcoins were taken away by hackers. This incident not only attracted widespread attention, but also raised concerns about the security of digital assets. So, how were 7,000 Bitcoins stolen from Binance? Let’s dig deeper into the story.

Well-known hackers attacked, and 7074.18 Bitcoins have been stolen so far.

According to information disclosed by Binance CEO Changpeng Zhao, the exchange discovered a "large-scale security vulnerability" on May 7 that allowed hackers to access user application program interface keys (API
keys), two-factor authentication codes, and other information. In one transaction announced in the security notice, hackers made off with approximately $41 million worth of Bitcoin.

Beosin Chengdu Lian'an Technology Security Team conducted an in-depth analysis of this attack:

Transaction details are as follows,

Occurred at block 575013, the total loss could reach up to 7074 BTC

Detailed withdrawal address

So far, approximately 7,000 BTC have been stolen from the Binance hot wallet (address: 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s).

The current balance of Binance’s hot wallet is 3,612.69114593 BTC, indicating that the private key of Binance’s hot wallet is safe. After analysis by the team,

On May 8th 01:17:18

Initiate coin withdrawal operations at the same time through the API interface.

After applying for the Binance Exchange API, the API key and Secret key will be generated, as shown below:

The API interface has limited user IP restrictions and open withdrawal functions. Open withdrawal means direct use

API key and Secret key can be withdrawn directly without collecting verification codes, SMS messages, or Google verification codes.

As shown below:

The official calling code demo of the API part is as follows (from 

Our preliminary analysis believes that the attack was caused by the leakage of the user's API key and Secret key information.

If the user does not restrict the IP address and configures the open withdrawal function, any attacker can carry out the attack after obtaining the API key and Secret key information.

User information may be leaked in the following ways:

1. Ordinary users generally do not use API keys. Generally, advanced users use them to implement automated transactions in the code. It may be that the user source code is leaked, causing the API Secret key to be leaked.

2. The user was attacked by phishing, and the API key and Secret key entered were intercepted by hackers.

3. The computer where the user’s API key and Secret key are saved was attacked and stolen.

4. Binance exchange system reasons led to the leakage of user API keys and Secret keys. Only 71 users opened the withdrawal function and the coins were stolen.

The main 20 addresses of the 7,074 BTC stolen by hackers are as follows:

bc1qp6k6tux6g3gr3sxw94g9tx4l0cjtu2pt65r6xp 555.997 BTC

bc1qqp8pwq277d30cy7fjpvhcvhgztvs7v0nudgul5 463.9975 BTC

bc1qld27dqu6wrl4tmjdr8tl55qavmghwrr4ldh7qn 473.9975 BTC

bc1q8m9h3atn4cqeqhu3ekswdqxchp3g7d4v3qv3wm 567.997 BTC

bc1q7p6edvd4zvtya8uj366c23dan8pvlp503spucu 468.9975 BTC

bc1ql0wlnu80l8kctjzkzlzd72sdjqwuvruvgepceq 383.998 BTC

bc1q3ldtrr6xtpx8jam5gw68aaexz2wtluj0qullvr 189.999 BTC

bc1qyv4zv0wjn299kx4yz6g7v6g6400wqgzcqgw9vx 383.998 BTC

bc1q6fejm4r866tmt8ptf42juedv5gevlv2qt72agq 371.998 BTC

bc1qvstwzsrfml43jrclsp68220l4lx5lw3kwf7dp0 193.999 BTC

bc1qecs672j9dpvwr56zeldgf3swtlv3dad52wzuta 463.9975 BTC

bc1qshkncv7tkpye7z0z4a3k9yw2e73whha9gjs88z 97.9995 BTC

bc1qhlhx6lrnr0jf4zpvm788j7yeezau6s8q557p2z 279.9985 BTC

bc1qesy52g7ndy652qudr2awuk57mcaxgmn9qsmpzk 469.9975 BTC

bc1q9svj9wp68zftgejjgk6f96ukuyx8c5urkqsv69 193.999 BTC

bc1qanrl8n3flz4jftkscljx2hwuc3h50f9ynp2nyn 89.9995 BTC

bc1qtpdptcf4ngfkwq6dr36kqaeh2n5h00rx5unkgc 670.9965 BTC

bc1qvr2jxlmvckap7cg2l6mdgh5fa8glkhe4s88sax 377.998 BTC

bc1qhqap39mpkldjzvqdf3204p732krtnf56mm9aj3 370.998 BTC

3KBsR6Ld255Tw5hNR4S6KaX5SXxvRF6jv3 1.29968018 BTC