All Eyes on Binance Stolen Funds: Can the Thieves Cash Out $40MM USD?

Chat With Us
Thanks for your interest! We'll be in touch shortly.
Oops! Something went wrong while submitting the form.

On May 7, cryptocurrency exchange Binance discovered a large scale security breach enabling attackers to withdraw more than 7,000 BTC (approximately $40M USD) in one transaction. Since May 8, those funds have sat unmoved in 7 cryptocurrency wallets. Binance quickly communicated the attack publicly, which immediately raised awareness among the broader cryptocurrency industry and enabled Chainalysis to track the funds. This transparency ultimately makes it more difficult for the attackers to successfully cash out the stolen funds.

What we know about the stolen funds from ongoing monitoring

The stolen funds were initially sent to 19 addresses. We then identified an additional 7 addresses controlled by the attackers. Those 26 addresses are now labeled as stolen funds in our software.

In the same transaction as the stolen funds, there were legitimate Binance transfers. We confirmed with Binance which transfers were legitimate, and have not labeled those as stolen funds. We will also continue to add to the Binance stolen funds cluster if we identify additional addresses controlled by the same entity.

On May 8, one day after the breach was discovered, all of the stolen funds were moved from the cluster of 26 addresses to the following 7 addresses:

  1. bc1qw7g5uxxl750t0h2fh9xajwuxp4qt634yh3vg5q
  2. bc1q2rdpyt8ed9pm56u9t0zjf94zrdu6gufa47pf62
  3. bc1qnf2ja3ffqzc3hskanjse6p8zag52fm6jgmmg9u
  4. bc1q3a5hd36jrqeseqa27nm40srkgxy8lk0v0tpjtp
  5. 1MNwMURYw1LkPnnpda2DQkkUsXXeKL9pmR
  6. bc1qx3628eh9tdnm0uzculu8k6r2ywfkc5zns2hp0k
  7. 16SMGihY94H8UjRcxwsLnDtxRt7cRLkvoC

The stolen funds currently sit within these addresses and Chainalysis is continuing to monitor for any additional movement. With nearly the entire industry keeping an eye on these funds, it remains to be seen what route the hackers will take as they attempt to cash out the stolen funds.

Chainalysis visualization of the $40MM USD stolen from Binance

Chainalysis has notified customers if they have any exposure to the stolen funds, and will continue to do so.

What to do if your organization is hacked

Hackers have stolen cryptocurrency worth ~$150 million so far in 2019. Hackers are leveraging increasingly sophisticated social engineering methods, and cryptocurrency businesses continue to be vulnerable as hackers target Bitcoin and other cryptocurrencies.

If your organization discovers it has been hacked, we recommend the following best practices:

Don’t wait—time is of essence

  • Reach out to law enforcement
  • Report stolen funds to experts who can help
  • Leverage blockchain investigation software to immediately track the flow of funds in real-time as the funds move through the blockchain

Be transparent—the more the community is aware, the more they can help

  • Publish the addresses the attackers used to hold stolen funds so other exchanges can prevent the funds from being converted through their service
  • Share the information publicly if you can  

Work with cryptocurrency experts

  • Hacks often involve the same actors, and experienced investigators have insights into their patterns
  • Be wary of information published by non-professional investigators on Twitter and other unverified sources. Chainalysis works directly with exchanges and leverages industry-leading technology to provide accurate blockchain analysis.

Our team is standing by to help cryptocurrency businesses with investigations into hacks, quickly identify and label relevant addresses, and keep our network of exchanges up to date with developments. For more information about how Chainalysis’s blockchain analysis can help prepare your organization manage hacks, contact us today.

Read the Full Report

To see our full research on this topic, sign up to receive access to the complete Chainalysis Crypto Crime Report: Decoding hacks, darknet markets, and scams.

Get Access to the Report

Learn more about KYT for Stablecoins & Token Issuers

Monitor transactions across the token’s full lifecycle, from issuance to redemption—and any transaction in between.

Learn More

How Transaction Monitoring Works at Chainalysis

One of the reasons Chainalysis KYT is so popular is that it uses global anti-money laundering (AML) standards common across regulatory bodies. We apply these standards when each transaction is screened.

Cryptocurrency businesses also need to understand the aggregate risk profile of each of their users. That’s why Chainalysis KYT provides a view of risk profiles at the user level, which reflects all of a user’s screened transactions. For example, if an organization has a user who receives funds from a darknet market, our software automatically flags that transaction as high risk. If the user sends funds to a regulated exchange, our software marks that transaction as low risk. And so on. Every screened transaction feeds into a user’s risk profile. Chainalysis KYT displays all user profiles, sortable by high, medium or low risk (using traffic light colors) for easy scanning.

We apply our risk methodology in real time to all users within an organization’s user base. This saves compliance teams from laborious, manual screening work. They can instead focus on developing comprehensive compliance programs. Organizations that work with us tell us this has enabled them to meet regulatory expectations and launch or grow their businesses.

Customizable risk level

We’re now giving our customers the ability to adjust the risk level of a category or a service. For example, not all jurisdictions around the world treat gambling the same way. In some countries, gambling is not considered a legitimate business activity and thus online gambling sites would be treated as high risk. In other countries, gambling is not considered illicit, which means properly licensed online gambling sites would be treated as low risk.

The ability to customize the risk level of categories and specific services means our customers can automate even more of their compliance workflows.

Organization-wide dashboard

One of the most useful facets of Chainalysis KYT is having a view of all users and their risk profiles directly accessible upon first logging in. It provides a visual alert of which users have high risk profiles and therefore require the most immediate attention. In keeping with the spirit of simplified visual cues, we have now launched a dashboard that summarizes key indicators at the total organization level. For example, organizations can now see what percentage of their user base is falling under high, medium or low risk. They will soon be able to see things like total exposure by category, or total transaction volume per day. These and other metrics will provide our customers additional understanding of their organization’s total exposure trends over time.

In-app chat

At Chainalysis, we strive to provide as much support to our customers as we can. To make it easier to interact with us, we added in-app chat to Chainalysis KYT. This allows our customers to send us questions or feedback without having to leave the environment. Our team typically responds within minutes.

Looking ahead

We know software is most valuable when it makes the lives of our customers easier and more productive. This means we’ll continue to add intuitive capabilities to our compliance products while increasing versatility for ongoing transaction monitoring. In the coming months, we will improve how transaction information is displayed. We will also boost our monitoring capabilities for other cryptocurrencies beyond Bitcoin. And we will deepen the integration with Chainalysis Reactor, which is used for enhanced due diligence and investigations.

The momentum around cryptocurrency compliance is only just starting and we look forward to continuing to offer software that builds trust in blockchains.

Thank you! We'll be in touch shortly.
Oops! Something went wrong while submitting the form.
Thank you! We'll be in touch shortly.
Oops! Something went wrong while submitting the form.

We’re growing! Check out our 25+ open roles >

Thank you! We'll be in touch shortly.
Oops! Something went wrong while submitting the form.
Oops! Something went wrong while submitting the form.
Please check your mailbox for a copy of the report.
Oops! Something went wrong while submitting the form.
Next article

Chainalysis Team








Watch Our Exclusive Webinar

Jan 31, 12PM ET

Chainalysis senior economist, Kim Grauer, answers audience questions on our latest research in a recorded webinar.

Watch Recording