Changpeng Zhao (CZ), CEO of major crypto exchange Binance, has devoted his live AMA on Twitter to address community concerns in the wake of yesterday’s $40.7 million hack. The AMA was broadcast live on May 8, 3am UTC.
As reported yesterday, Binance suffered a major and premeditated hack, reportedly conducted by tactics that included phishing and viruses to obtain a large number of 2FA codes and API keys.
The security breach reportedly resulted in hackers withdrawing around 7,000 bitcoin (BTC) — worth around $40.7 million at the time — from the exchange’s hot wallets, in a transaction that went undetected by the firm’s security systems.
In today’s AMA, CZ updated the exchange’s initial figure for the theft to 7,070 bitcoin, noting that the hackers were advanced, persistent and patient and had waited to collect a significant volume of stolen account data before executing the attack.
In the incident’s aftermath, CZ said the exchange was “focused on rebuilding and recovering” its system, and that withdrawals and deposits would only be reactivated once this will have been completed — likely around a week.
Both during the AMA and in a tweet thereafter, the CEO revealed that the exchange had considered — but decided against — responding to the hack with a so-called blockchain re-org approach: i.e. aiming to incentivize miners to form a consensus to wield 51% of the network’s hashing power to reorganize the blockchain’s transactions after the loss.
As an evidently centralized response to hack, the idea was strongly critiqued by many community respondents. While conceding its possible advantages, CZ announced Binance had rejected the idea as it risks damaging the credibility of bitcoin, and could cause “a split in both the bitcoin network and community” — both of which outweigh the ostensible $40 million revenge, he said. He also noted the slim chances of the approach’s success.
The CEO also used the AMA to thank community members for their generous offers of support, including Justin Sun, Coinbase, QKC, and a number of reported others — Sun having notably offered to personally deposit the 7,000 BTC to compensate Binance’s loss.
The CEO said the exchange had sufficient funds to cover the theft, via its Secure Asset Fund for Users, which had been created in July 2018 as a type of emergency insurance.
He also outlined the team’s security advice to users, saying it was highly recommended that users reset their 2FAs and that traders using API change their keys to ensure safety.
Yesterday’s hack represented the highest-profile of a string of crypto exchange hacks so far in 2019 — including Cryptopia, CoinBene, DragonEx, and Bithumb. To press time, Binance is ranked 5th largest exchange globally, seeing a 6.65% loss in daily trade volume.