Binance CEO Publishes Security Incident Update, Apologizes for Blockchain Re-Org Comment

Published at: May 10, 2019

Changpeng Zhao (CZ), CEO of major crypto exchange Binance, has updated reporters on the exchange’s security revamp and investigation into this week’s $40 million hack in a security incident update shared with Cointelegraph on May 10.

The CEO also apologized for having fuelled community concerns by openly discussing the possibility of incentivizing a blockchain re-organization — or transaction rollback — as a possible response to the attack.

As reported, Binance suffered a major and premeditated hack on May 7, which reportedly resulted in the theft of around 7,070 bitcoin (BTC) — worth over $40 million at the time — from the exchange’s hot wallets in a transaction that went undetected by the firm’s security systems.

The attack was reported to have been conducted using tactics that included phishing and viruses to obtain a large number of 2FA codes and API keys. In his security update, CZ said he was restricted from sharing too many details of the exchange’s response to the incident, noting that:

“Hackers are reading every word we post and watching every AMA we host. Sharing too many security details actually weakens our security response strategy.”

Nonetheless, the CEO did disclose that the exchange team was ostensibly making progress in significantly revamping its security measures, procedures and practices. He anticipates that some of the changes will be implemented within this week, and that many more changes will follow.

Of particular focus, CZ noted changes to the areas exploited by the perpetrators of the theft — namely Binance’s API, 2FA and withdrawal validation areas. He also revealed the platform is aiming to improve its risk management, user behaviour analysis, Know Your Customer procedures and anti-phishing tactics, as well as revising other back-end security measures.

Notably, CZ also used the security incident update as an opportunity to apologize for having sparked a controversy in the crypto community by publicly raising the consideration of undertaking a possible blockchain re-org or rollback in the wake of the hack. He said:

“Given how much I talk, I sometimes say the wrong stuff, dirty words like ‘reorg’, for which I apologize. It is my strong view that our constant and transparent communication is what sets us apart from the “old way of doing things”, even and especially in tough times.”

As reported, both during a post-hack live AMA and in a tweet thereafter, CZ had revealed that Binance had considered — but rejected — the idea of responding to the hack with a re-org: i.e. taking steps to incentivize miners to form a consensus to wield 51% of the network’s hashing power to reorganize the blockchain’s transactions after the loss.

Heeding the intense critique of such a move from members of the community and industry experts, the CEO and exchange decided against the attempt, citing the likely reputational damage to bitcoin and threat to its immutability and decentralization principles.

As of press time, Binance is ranked as the 7th largest exchange globally, seeing a 52.25% recovery surge in daily trade volume.
