Yesterday, it was revealed by Changpeng Zhao (CZ), CEO of Binance, that hackers compromised “a large number of user API keys, 2FA codes, and potentially other info”.
CZ explained that “[t]he hackers used a variety of techniques, including phishing, viruses and other attacks”, but that they are “still concluding all possible methods used” and that “[t]here may also be additional affected accounts that have not been identified yet”. CZ claims that the hack “impacted [their] BTC hot wallet only (which contained about 2% of [their] total BTC holdings)” and that “[a]ll of [their] other wallets are secure and unharmed”.
“The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”
CZ went on to explain that they will be conducting a security review and will freeze withdrawals until the review is complete, which they estimate will take one week. He also highlighted that “Binance will use the #SAFU funds to cover this incident in full” and “[n]o user funds will be affected”. SAFU stands for “Secure Asset Fund for Users” and “is an emergency insurance fund” that has been “allocate[d] 10% of all trading fees received” since July 14, 2018 and “stored in a separate cold wallet”.
Mitigating effects of cryptocurrency hacks
(Tweet: https://twitter.com/Bitfinexed/status/1125948259229491200) This hack has many similarities to a previous hack on Binance in July 2018. As cryptocurrency grows in recognition and price, so too does the attention it draws from hackers and the incentive for foul play, which can also be seen in other recent large-scale cryptocurrency hacks. These incidents leave industry participants wondering how to mitigate both the risk of hacks and their aftermath.
One of the easiest ways for users to lower their risk of falling victim to a hack is to hold the majority of their cryptocurrency offline, where they control the private keys and thus their money, rather than delegating their private keys to an exchange. However, this is a significant barrier to adoption, since most consumers have become accustomed to online banking passwords that they can recover if forgotten and/or money that is insured in case of theft or bank failure. Still, as Binance demonstrated with this hack, and as Coinbase and BitGo also offer, it is possible to privately insure stored funds against unforeseen thefts.
Nevertheless, Binance also briefly considered the more drastic option of rolling back the Bitcoin blockchain to rectify the effects of the hack. CZ explained in an AMA on Twitter that they were weighing the pros and cons, since there are “ethical and reputational considerations for the Bitcoin network”.
“To be honest, we can actually do this probably within the next a few days. But there’re concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin.”
(Tweet: https://twitter.com/cz_binance/status/1125996194734399488) But CZ quickly ruled this option out after swift blowback from the community.
Dash helps mitigate consumer risks
Dash recognizes that there are risks associated with cryptocurrency that many consumers are not accustomed to and have to adjust to in order to get the benefits of an independent money. Thus, Dash has focused on achieving as many wallet integrations as possible to give consumers plentiful options when deciding how they want to store their cryptocurrency, including their private keys. Dash also has a robust set of community outreach groups around the world to help educate new consumers about how to properly use Dash and avoid user errors. Additionally, Dash is developing Evolution to create a friendly user interface and experience, furthering this goal of mitigating user errors that would otherwise dissuade consumers from using cryptocurrency.