Changpeng Zhao (CZ), CEO of major crypto exchange Binance, has updated reporters on the exchange’s security revamp and investigation into this week’s $40 million hack in a security incident update shared with Cointelegraph on May 10.
The CEO also apologized for having fuelled community concerns by openly discussing the possibility of incentivizing a blockchain re-organization — or transaction rollback — as a possible response to the attack.
As reported, Binance suffered a major and premeditated hack on May 7, which reportedly resulted in the theft of around 7,070 bitcoin (BTC) — worth over $40 million at the time — from the exchange’s hot wallets in a transaction that went undetected by the firm’s security systems.
The attack was reported to have been conducted by tactics that included phishing and viruses to obtain a large number of 2FA codes and API keys. In his security update, CZ said he was restricted in sharing too many details of the exchange’s response to the incident, noting that:
“Hackers are reading every word we post and watching every AMA we host. Sharing too many security details actually weakens our security response strategy.”
Nonetheless, the CEO did disclose that the exchange team was ostensibly making progress in significantly revamping its security measures, procedures and practices. He anticipates that some of the changes will be implemented within this very week, and that a great deal more changes will follow going forward.
Of particular focus, CZ noted changes to the areas exploited by the perpetrators of the theft — namely Binance’s API, 2FA and withdrawal validation areas. He also revealed the platform is aiming to improve its risk management, user behaviour analysis, Know Your Customer procedures and anti-phishing tactics, as well as revising other back-end security measures.
Notably, CZ also used the security incident update as an opportunity to apologize for having sparked a controversy in the crypto community by publicly raising the consideration of undertaking a possible blockchain re-org or rollback in the wake of the hack. He said:
“Given how much I talk, I sometimes say the wrong stuff, dirty words like ‘reorg’, for which I apologize. It is my strong view that our constant and transparent communication is what sets us apart from the “old way of doing things”, even and especially in tough times.”
As reported, both during a post-hack live AMA and in a tweet thereafter, CZ had revealed that Binance had considered — but rejected — the idea of responding to the hack with a re-org: i.e. taking steps to incentivize miners to form a consensus to wield 51% of the network’s hashing power to reorganize the blockchain’s transactions after the loss.
Heeding the intense critique of such a move from members of the community and industry experts, the CEO and exchange decided against the attempt, citing the likely reputational damage to bitcoin and threat to its immutability and decentralization principles.
To press time, Binance is ranked 7th largest exchange globally, seeing a 52.25% recovery surge in daily trade volume.