After a sTron (available on Binance)g last four days, with the price of Bitcoin (available on Coinbase) rallying to trade above $6,600, it fell by 2.5% in under four hours in the aftermath of the news of an attack on the world’s largest exchange by trading volume. At the time of writing, Binance’s exchange is closed for withdrawals, deposits and trading.  Undergoing what is being described as ‘Systems maintenance’.
There is also market concern that once the exchange reopens for transactions there will be a rush of users withdrawing their funds from the platform because of safety concerns, potentially leading to an even bigger market dip as a new wave of FUD surrounding the safety exchanges surfaces.

The exact details regarding the nature of the irregularity are yet to be confirmed. However,  extreme movements of the Syscoin token on Binance’s platform are almost certainly the cause.

A huge spike in the value of SYS, from trading at under 0.00003 BTC to having a buy order of 96 BTC on Binance.
The team behind the Syscoin blockchain contacted Binance and other exchanges to suspend movement of Syscoin until the issues on its blockchain could be properly addressed.
 

What is clear, a few hours after this tweet, is that this has become an actual issue and not a ‘possible’ one. Syscoin’s block explorer indicates that a billion coins were mined on a single block of the cryptocurrency, far more than the 888 million thought possible on the entire network. Experts have said that this may not have been a more commonly seen 51% double spend attack, but rather a buffer overflow vulnerability, similar to the one that occurred on the Bitcoin (available on Coinbase) blockchain in 2010.
Because the hackers had mined so many of the network’s blocks for the period of the attack, the blockchain could not be rolled back and the transactions were finalized.
Binance exposed
Along with the ability of the attackers to abuse the hashrate of the Syscoin network, it is likely that they were able to hack the SYS token API run by Binance. This tweet from Binance sent in the last few minutes seems to clarify that Binance’s API systems were exposed. 

It appears that the hackers may have accessed the Binance API for SYS, and manipulated it in order to create the surreal buy/sell order scenario mentioned earlier. Leading to innocent SYS traders or Binance liquidity bots, switching BTC for the artificially created supply of SYS, at ridiculous prices. Hacker News user ‘Snissn’ offered up the following theory:
Binance lets users trade in two ways: through their web and mobile apps and through an Application Programming Interface (API) that lets developers write software to write trades. This API uses access credentials called keys that authenticate the different traders. The leading theory/rumor on what happened earlier today is that someone in an unknown way managed to hijack a significant number of API keys, or otherwise compromise the API server to impersonate a large number of users. They used this deceitful move in coordination with a primary account that they controlled. On this primary account they put a lot of SYSCoin for sale. They had the hacked API credentials buy a lot of their sell orders to generate a significant amount ~50MM of Bitcoin (available on Coinbase).
Uncertainty remains as to the connection between the new supply of SYS tokens generated, and the possible API hack. It may be the case that the API hack was used to create the new supply of SYS, or that SYS was exposed to the buffer overflow vulnerability first, and then the Binance platform was attacked.

Conclusion
There are still no definitive answers as to how the attackers carried out the raid, and how compromised the Syscoin blockchain and Binance exchange are in its wake. What is apparent is that this is yet anotherwake-upp call with regards to the inherent security risks in the existing digital asset infrastructure. Centralized exchanges continue to show vulnerabilities, and crypto holders who face very few alternatives other than to use them, continue to be let down.