Binance experienced a major security breach May 7 that resulted in the theft of 7000 BTC.
According to Binance hackers used various strategies including viruses and phishing to which they were able to obtain a large number of API keys and 2FA codes as well as other information.
Binance stated there was one transaction where the hackers were able to withdraw 7000 BTC worth approximately $40 million.
CEO Changpeng Zhao stated in a letter on Binance's website that the bitcoins were withdrawn from their hot wallets. These wallets contain only 2% of the exchange's bitcoin holdings. CZ stated that Binance's other wallets were not affected.
Binance has suspended all withdrawls and deposits as it conducts a security review on its systems, which CZ estimates will take up to a week. Trading will still be able to take place.
In a statement CZ said:
“Please also understand that the hackers may still control certain user accounts and may use those to influence prices in the meantime. We will monitor the situation closely. But we believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets.”
Binance will be using its Secure Asset Fund for Users (SAFU) to cover the losses of the hack. Binance created the fund in July 2018 as an emergency insurance. Binance allocates 10% of trading fees to finance SAFU.