Make sure to read our other Mythbusters by Binance (part one, part two, part three, part four, part five, part six) and look out for future articles to follow.  This is a crucial part of our efforts to promote crypto literacy and dispel the stigma surrounding one of the most significant innovations in recent history.

What Happens if a Crypto Exchange Is Hacked?

Crypto exchanges are online platforms that allow users to trade digital assets. While such exchanges, centralised and decentralised, provide convenient access to the world of digital finance, they can be vulnerable to hacking. Today, successful attacks on big exchanges are extremely rare. However, if an exploit does occur, the consequences for users can range from minor inconvenience to catastrophic loss of funds.

In severe cases, criminals may gain access to the wallets that hold users’ funds and syphon off large amounts of cryptocurrency. Due to the nature of blockchain, these actions will be irreversible.

Additionally, the hacker may be able to access sensitive user information such as email addresses, passwords, and identification documents. These can be used for further attacks, such as phishing or identity theft. 

The possibility of such hacks, however, is not unique to crypto platforms: banks and other traditional financial institutions are as likely to become targets of criminals looking to compromise their internal systems to steal money.

Responsible crypto exchanges have layers of security measures and policies in place to ensure that hacks don’t happen. Yet, even in the highly unlikely event that nefarious actors manage to steal digital funds from an exchange, it is still far from game over. 

Although security breaches do happen on a central level, attackers are more likely to obtain unauthorised access through fraud: targeting individual users with highly sophisticated social engineering tactics to get them to disclose their login credentials and bypass two-factor authentication methods. 

Following the Stolen Funds

What happens in the case of a successful hack largely depends on the actions of law enforcement. Generally, the larger the scale of a hack, the more likely investigators are to invest significant resources in tracking down the perpetrators.

Thanks to the transparency of records on public blockchains, the stolen funds can be traced quite easily, making it difficult for the hacker to get away with the spoils. If the authorities find a way to link the wallets through which the funds move to the identities of hackers or their accomplices, the criminals are in trouble. Once they are arrested, law enforcement will most likely be able to seize at least some of the stolen money and use it to compensate the victims.

For example, in 2016, the Bitfinex exchange was hacked, resulting in the loss of approximately $72 million worth of bitcoin at the time. U.S. government agencies were able to recover the majority of funds and return them to users.

The victims of a 2014 hack of the exchange Mt. Gox were less lucky. Some $460 million worth of bitcoin was lost, and the exchange was unable to recover much of the money, leaving users with significant losses. Repayments began in 2023 with some recovered funds, but much is still missing.

As you can see, even the assets lost in major heists can be eventually recovered. However, it is an arduous, lengthy process, and no one can guarantee the desired outcome. Luckily, there are also things that the exchanges themselves can do to protect users in the event of a security breach.

What Can Exchanges Do?

Crypto exchanges constantly face threats from hackers and other malicious actors seeking to steal user funds. Exchange platforms implement various security measures to safeguard the funds that customers entrust to them. One good practice is to utilise cold storage, keeping user funds offline in hardware wallets. Careful consideration of the risks and benefits is needed to maintain the proper levels of liquidity for exchange operations to continue smoothly while minimising any potential, even if unlikely, risks to user funds.

Multi-factor authentication and password policies are among other common security features used to prevent unauthorised access to user accounts. Many exchanges also have a cap on withdrawal amounts, with additional checks required to go beyond the limit. User education is also key to avoiding falling victim to scammers. 

Furthermore, some exchanges have proactively established insurance funds to provide additional protection to their users. One prominent example is Binance’s Secure Asset Fund for Users (SAFU), funded by a portion of trading fees, which covers losses incurred by users as a result of extreme situations such as hacks. Some other exchanges have also established similar funds or insurance policies to provide an additional layer of protection for their customers.

Case in Point: The SAFU Fund

For example, in the event of a security breach or hack, Binance will use the funds in the SAFU fund to reimburse affected users. The compensation each user receives will depend on the extent of the breach and the amount of funds lost. 

Having established the fund in 2018, Binance began allocating 10% of all trading fees toward it, aiming to have $1 billion (USD) of assets available to use in emergencies. Moving forward, Binance will continue to monitor the size of SAFU to ensure that it remains adequate to protect users’ interests.

Our SAFU fund is also transparent and verifiable by anyone. You can check the status of the assets by checking the wallet addresses below.

BTC: 1BAuq7Vho2CEkVkUxbfU26LhwQjbCmWQkD 

BNB and USDT :  0x4B16c5dE96EB2117bBE5fd171E4d203624B014aa 

TUSD (ERC20):  0x4B16c5dE96EB2117bBE5fd171E4d203624B014aa 

A comprehensive self-insurance initiative, the SAFU fund is a testament to Binance’s commitment to the security and well-being of its users. It represents a significant step forward in building trust and confidence in the cryptocurrency market.

Crypto exchanges employ a variety of policies and security measures to safeguard users’ funds and data from potential hacks. Exchange insurance funds are an excellent tool for providing extra peace of mind for users. After all, even the most advanced security systems are not infallible, and there always remains a possibility of a hack.

We have previously called on all centralised exchanges to introduce similar measures. Self-insurance benefits the entire ecosystem and demonstrates our collective commitment to raising the bar on upholding trust, integrity, and transparency in the crypto industry.

Fact: Responsible exchanges constantly improve their security systems and build safety nets for their users, ensuring robust protection of customer funds in the face of potential hacks.

Did You Know: Binance recently announced the rebrand of Binance Feed to Binance Square. This rebrand follows the platform’s evolution to a social platform, with user-generated content and monetisation features for content creators. Find out more here  DM 

About Binance:

Binance is the world’s leading blockchain ecosystem and cryptocurrency infrastructure provider with a financial product suite that includes the largest digital asset exchange by volume. Trusted by millions worldwide, the Binance platform is dedicated to increasing the freedom of money for users and features an unmatched portfolio of crypto products and offerings, including trading and finance, education, data and research, social good, investment and incubation, decentralisation and infrastructure solutions, and more. For more information, visit https://www.binance.com/en-ZA. 

Disclaimer and Risk Warning:

This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial advice, nor is it intended to recommend the purchase of any specific product or service. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance is not liable for any losses you may incur. Not financial advice. For more information, see our Terms of Use and Risk Warning.