May 8, 2019 | AtoZ Markets - The largest crypto exchange in the world, Binance, has recently reported a large-scale security breach. The Binance hack caused damage estimated at around $40.7 million worth of Bitcoin.
How did the Binance hack happen?
The company’s CEO, Changpeng Zhao, addressed the Binance hack in his letter to the crypto community. According to Zhao, the network security damage was discovered on May 7, and the hackers were able to obtain API keys, two-factor authentication codes and “potentially other info” of Binance users.
As per the Binance CEO, the hackers used various techniques, including “phishing, viruses and other attacks.”
Zhao noted in his letter that the hackers “had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time”.
He explained that, because the hackers were patient, they managed to pass Binance’s existing security checks and get away with 40 mln USD. Zhao expressed his frustration that the company was “not able to block this withdrawal before it was executed.”
The crypto exchange official said that an investigation is in progress and that there might be more impacted accounts.
Notably, the security breach impacted only Binance’s hot wallet, which contains roughly 2 percent of the exchange’s total bitcoin holdings, as the Binance statement says. Zhao added that “other wallets are secure and unharmed”.
What happens next? Binance's Safety funds will cover the damage
During his recent “ask-me-anything” live stream on Twitter, the Binance CEO noted that the company does not need donations or funds to cover the hack.
He mentioned that they have received offers from many exchanges, including Coinbase. CZ encouraged crypto community members who wish to support the company to make a donation to Binance Charity.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support,” Zhao concluded.
According to Binance's notice, it will use its Secure Asset Fund for Users (SAFU fund) to cover the loss, which won’t impact users. The SAFU fund consists of 10 percent of all trading fees absorbed by the exchange and was initially launched to protect Binance’s users “in extreme cases”. It is stored in its own cold wallet.
As for Binance’s recovery process after the security breach, the company’s official statement says that “it will take about one week to fully recover and allow their developers to ensure the platform is secure.”
How can a new Binance hack be prevented? Zhao calls for security checks
The Binance hack announcement comes hours after Zhao tweeted that the exchange was undertaking “some unscheduled server maintenance,” writing that “funds are #safu.”
After the disclosure announcement, Zhao tweeted that the exchange would “provide a more detailed update shortly.”
While talking about the funds stolen from Binance, the company’s CEO explained that the withdrawal triggered internal alarms after it was executed. He noted that the exchange froze withdrawals following the discovery.
The Binance officials stated:
“...deposits and withdrawals will remain suspended for the next week, trading will be re-enabled, though he cautioned that as the hackers may still control certain user accounts.”
The company stressed that it will conduct “a thorough security review”, including its systems and data, during the next week.
Zhao revealed Binance’s future prospects
During his recent live stream on Twitter, CZ shared Binance’s general future prospects with its community. AtoZ Markets collected the key points that CZ mentioned.
- PoS and smart contracts as long-term goals. CZ noted that smart contracts were not a first priority for the recently released Binance Chain. He said:
“We have not, to be honest, thought too much about the governance model of Binance Chain.”
- A big focus is on Binance Chain and getting people to migrate to their platform. Zhao said that projects which are “already on Binance Chain” would have a better chance of being listed on Binance moving forward. The exchange might give preference to such projects regardless of whether or not they have significant interest from the world at large.
- Plan to roll out to large traders on the margin platforms first to test it.
- Zhao said that “they won't be adding fiat pairs for trading but will increase fiat payment gateways.”
- It is currently easier to get listed on Binance Chain because they want to focus on adoption. Projects that migrate will get marketing help and exposure.
- OOC is coming, and they have already been working on it, but work will be delayed for a week because of the hack.
- Binance will open source Binance Chain and DEX after adoption to prevent others from just ripping the code. The long-term goal is to have everything open source. Notably, while most blockchain projects are open source from the get-go, Binance Chain’s code is not currently publicly available. Zhao says that he wants there to be some real traction on Binance Chain before open sourcing or worrying too much about other things. For major ERC-20 tokens, the CEO says that the chain will probably “do some pegging,” meaning that Binance will offer a token relative to the value of major tokens. Zhao said that Tether USD is only able to be withdrawn in the Omni (BTC) version at the present time. The Tron and ERC-20 versions of Tether are not available for withdrawal on Binance.
- The number one goal for 2019 is mass adoption.
- The Binance team wants to be as transparent as possible.
- Binance tries to work with local regulations whenever possible; the goal is to be most compliant.
- The last point on the list of Binance’s future prospects is about SegWit. Zhao mentioned that SegWit “is on the roadmap but is a lower priority,” so there’s no rush to introduce SegWit or Lightning Network.