A hacker stole $27 million worth of tether [USDT] from a wallet linked to the Binance deployer over the weekend, according to blockchain analyst ZachXBT.

The $27 million loot was converted to ether [ETH] before being sent to exchanges FixedFloat and ChangeNow. All funds were then bridged to bitcoin [BTC] via the THORChain bridge.

According to on-chain data, the victim's wallet had received ether via two separate wallets from the Binance deployer in 2019.

"The user made a withdrawal from Binance, which was valid and authorized on our platform. Unfortunately, the DeFi wallet that received the withdrawal was compromised. While this is outside of our scope of control, Binance's security team is looking into the matter and we will provide assistance where we can," a Binance spokesperson told CoinDesk.

A deployer wallet is a wallet used to create smart contracts. Binance's deployer wallet has been inactive since December, 2020.

THORChain has become an epicenter for hack-related activity over the course of the year – in June hackers that stole $35 million from Atomic Wallet used THORChain to conceal the ill-gotten gains, and last month THORSwap put its platform into maintenance mode after a series of FTX hack-related trades.

Exchanges are often the target of hackers. Last week Poloniex lost $114 million after a hack breached that exchange's hot wallets.

UPDATE (November 13, 2023, 14:45 UTC): Adds comment from Binance spokesperson.

Binance Hack Hot Wallet

Oliver Knight

Oliver Knight joined CoinDesk as a news reporter in April 2022. Before joining CoinDesk, Knight was the Chief Reporter at Coin Rivet for three years. Having graduated with a journalism degree from Birmingham City University, Knight went on to work at various sports publications before diving into the world of Bitcoin in 2014. He does not have any crypto holdings.