What Can We Learn from the Binance Hacking Incident?By May 08, 2019 3 Min Read
One of the largest crypto exchanges in trading volume, Binance, discovered "a large scale security breach" on May 7 at 17:15:24 (UTC), where 7000 Bitcoin (BTC) are stolen by hackers in one single transaction.
According to Binance’s announcement, hackers use both external and internal methods such as phishing and viruses, to obtain a large number of user API keys, 2FA codes and other information. Binance noted that only BTC hot wallet is affected in this case (which contained 2% of total BTC holding). Changpeng Zhao (CZ) highlighted that the hackers are patient to wait, and use multiple seemingly independent accounts at the most opportune time. When Binance detected such executions, it’s already too late as the funds are gone.
What happened after the hack?
Binance claimed that it will use Secure Asset Fund for Users (SAFU) to cover all losses in this incident to make sure no user funds are lost. Binance has allocated 10% of all trading fees into SAFU since 14 July 2018. Despite Justin Sun offered to deposit USDT at a worth of 7000 BTC to Binance, CZ said that Binance does not need any funding help in this incident. He suggested all the donations should go to Binance Charity Foundation instead.
While trading resumes normal in Binance, deposit and withdrawals will remain suspended for a period of time where Binance said that it will conduct a thorough security review. This review process will take a week due to the bulk amount of user data and existing system architecture. CZ noted that there may be a halt for few hours in trading due to the core system upgrade, yet the details need to be confirmed. In addition, CZ urged the users to change or reset the 2FA settings immediately.
At the same time, Binance is working with other exchanges to block the address of hackers. Coinbase and many other exchanges show their support by pledging to block deposits from hacker address to show “unitedness” of crypto exchanges to fight against any fraud.
Signs of Binance Reorganization?
The hacking incident of Binance has aroused some FUD among the users and the community, one of which is whether Binance will undergo reorganization after the hacking incident. In the AMA session and official tweets from CZ, a reorganization from Binance is “not possible”. He further illustrated the pros and cons of reorganization in a series of tweets as follows:
A re-org for Binance?
1) Binance can “revenge” the hackers by “moving” the fees to miners;
2) Deter future hacking attempts; and
3) Explore the possibility of how Bitcoin network would deal with similar situations in future.
1) The credibility of BTS is damaged;
2) A split in both the Bitcoin network and community, these damages seem to outweigh the $40 mn revenge;
3) Hackers demonstrate certain weak points in Binance design and this causes confusion among users; and
4) It is Binance’s responsibility to safeguard users’ funds.
CZ sums up the re-org debate in one simple tweet:
“To put this to bed, it's not possible, bitcoin ledger is the most immutable ledger on the planet. Done.”
Apart from the Binance hacking incident, CZ revealed a few upcoming initiatives for Binance in the AMA session!
1) A consensus switch from Tendermint BFT to Proof-of-Stake?
Binance will continue to use Tendermint BFT at least in short to medium term.
2) The next project in Binance launchpad?
Currently Binance is finalizing the decision among a few candidates, stay tuned!
3) A margin system is coming?
This system is under the testing stage and will be roll out soon! The system will target large traders first.
From the Binance hack, we further realize the importance of providing custodian solutions in hot wallet, which hot wallet custody providers will be the major leaders in custody going forward.