coinspeaker.com
On Tuesday, the world’s largest cryptocurrency exchange Binance lost 7000 BTC tokens from its platforms worth $40 million. In the official announcement, Binance reported about the large scale security breach on May 7.
The exchange notes that hackers managed to steal 7000 BTC tokens from Binance’s hot wallets in a single transaction. Binance founder Changpeng Zhao wrote:
“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet”.
The official announcement about the hack came just hours after Changpeng Zhao tweeted about “unscheduled server maintenance”.
Have to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple hours. No need to FUD. Funds are #safu.
— CZ Binance (@cz_binance) May 7, 2019
However, the official announcement from Binance notes that the hack only impacted the exchange’s hot wallets. These hot wallets contain only 2% of Binance’s entire Bitcoin (BTC) holdings. Zhao assures that all of Binance’s other wallets are secure and unharmed. He wrote:
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.
It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that”.
Soon after the news of Binance’s security breach arrived, Coinbase and other exchanges have initiated the action to block deposits from the hackers address. Zhao has also assured that the exchange will conduct a “thorough security review” for its entire system.
Covering the Losses from SAFU Fund
To cover this massive loss, the exchange said that it would use its Secure Asset Fund for Users (SAFU fund). The fund is a back-up option to protect Binance users in “extreme cases” just like this one. The fund comprises 10 percent of all the trading fee earned by the exchange. Zhao assured that the SAFU fund has enough to absorb th4 $40 million loss.
To provide some confidence and assurance of safety to Binance users, Zhao conducted an AMA session a few hours back.
— Binance (@binance) May 8, 2019
At one point Zhao also considered a complete roll-back of the Bitcoin transactions. However, it would require 51 percent on Bitcoin’s total hashing power and consensus from different mining pools. Zhao spoke to several prominent industry players on executing the rollback option but later decided not to go for it since there are the “ethical and reputational considerations for the bitcoin network.”
In the below Twitter thread, Zhao explains the reasons for not considering the rollback of Bitcoin transactions.
After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach. Considerations being:
— CZ Binance (@cz_binance) May 8, 2019
For the next one week, deposits and withdrawals on Binance remain suspended until the exchange figures out complete safety. “In this difficult time, we strive to maintain transparency and would be appreciative of your support,” wrote Zhao.
Soon after the hacking report Bitcoin lost over $100 in a sharp downward movement as visible on its daily chart. However, after the immediate responses by CZ and the Binance team, the price is again recovering well.
At the press time, Bitcoin is trading 1% down at a price of $5877 and $103 billion market cap.