- By Pierre Alexandre
- May 8th, 2019
In an official announcement on Tuesday, May 7, crypto exchange Binance confirmed losing 7,000 BTC, worth $40 million USD, to hackers in a massive security breach. Binance founder Changpeng Zhao announced the incident, saying the hackers had resorted to a variety of attack techniques to steal the BTC.
This is so far the biggest hack in the crypto industry in 2019, adding yet another blot to the crypto market. Zhao wrote that the hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other information.
The hackers reportedly used a range of attack techniques, including viruses and phishing. The announcement also notes that the hackers got away with the 7,000 BTC stored in Binance’s hot wallet in a single transaction. Binance states that its hot wallets hold only 2% of its total BTC holdings and that its other wallets are “secure and unharmed”.
Zhao wrote: “The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed”.
He also notes that a withdrawal of this size triggered alarms in the exchange’s internal system, but by then it was too late to block it. Binance did, however, manage to stop subsequent withdrawals.
Binance Founder Proposes a Recovery Plan
Within hours of reporting the hack, Binance founder Changpeng Zhao hosted an Ask-Me-Anything live session.
Answering questions, Zhao stated that Binance could consider rolling back the BTC transactions on the Bitcoin network. For this to happen, however, Binance would need the cooperation of large mining pools and major miners, enough to gain 51 percent control of the Bitcoin network’s hash power.
However, after talking to several industry experts, Zhao states that he has decided not to proceed with the re-org approach.
Wait what?— Vitalik Non-giver of Ether (@VitalikButerin) May 8, 2019
In the thread above, Zhao lists certain pros and cons of rolling back the BTC transaction but concludes that the cons outweigh the pros.
pros: 1 we could "revenge" the hackers by "moving" the fees to miners; 2 deter future hacking attempts in the process. 3. explore the possibility of how bitcoin network would deal with situations like these.— CZ Binance (@cz_binance) May 8, 2019
He notes that although they could carry out the rollback within the next few days, it would have far-reaching negative consequences that could destroy Bitcoin’s credibility.
cons: 1 we may damage credibility of BTC, 2 we may cause a split in both the bitcoin network and community. Both of these damages seem to outweigh $40m revenge. 3 the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before.— CZ Binance (@cz_binance) May 8, 2019
Thus, they decided to drop the rollback plans owing to the “ethical and reputational considerations for the bitcoin network”. Later, Zhao tweeted a final confirmation that Binance would not proceed with the Bitcoin network re-org plan.
To put this to bed, it's not possible, bitcoin ledger is the most immutable ledger on the planet. Done. https://t.co/rKLBCEZmgp— CZ Binance (@cz_binance) May 8, 2019
Bitcoin educator and developer Jimmy Song also presents some strong reasons and calculations showing why pursuing a Bitcoin network re-org would not be feasible.
1/ Back of the envelope math for doing a 58 block reorg (current confirmations for the tx that took money from binance):— Jimmy Song (송재준) (@jimmysong) May 8, 2019
Minimal cost: 58 * 12.5 btc = 725 BTC (assumes every miner would get roughly the same tx fees in the new chain and that 100% of miners go with this scheme)
On the other hand, Bitcoin Core developer Jeremy Rubin presented Zhao with an idea for conducting the network re-org in a decentralized way.
@cz_binance if you reveal your private keys for the hacked coins (or a subset of them) you can decentralized-ly at zero cost to you, coordinate a reorg to undo the theft.— Jeremy Rubin (@JeremyRubin) May 8, 2019
In the future, I'd like to consider a standard way of dealing with a hack to be to, within 6 blocks, reorg the attacked funds to a transaction which pays out on a long term timelocked schedule to future miners.— Jeremy Rubin (@JeremyRubin) May 8, 2019
That way at least these hacks can secure the future of bitcoin :p
No one is going to re-org the Bitcoin blockchain over this.— WhalePanda (@WhalePanda) May 8, 2019
1) no bailout should ever be done, this isn't Ethereum
2) 7000 btc isn't that much for Binance (if they were honest about how much they are making)
3) play stupid games, win stupid prizes.
Recovering the Loss By Using the SAFU Fund
Despite everything, Zhao has assured users that Binance has enough liquidity to cover the $40 million loss. To cover it, the exchange will use its Secure Asset Fund for Users (SAFU fund), so that users are not affected.
The fund was created to protect Binance users in exactly such extreme cases and is built up by setting aside 10 percent of all transaction fees collected on the exchange.
Binance said it would conduct a thorough security review of its systems to plug the existing loopholes and ensure that such an incident is not repeated. Binance has also suspended all deposits and withdrawals on its platform for a week.
“In this difficult time, we strive to maintain transparency and would be appreciative of your support,” wrote Zhao.
A lot of talk about how a chain re-org would be "Bitcoin working as intended" and that it's not about morals but incentives. What these calculations are missing is the greatest incentive against a re-org: It would jeopardize BTC's most important value proposition - immutability.— Stillman (@Stillman_Crypto) May 8, 2019
Real Rollback was CZ rolling back his position on whether a Bitcoin rollback/re-org is possible.— Crypto King of Pop (@CryptoKingofPop) May 8, 2019
Technically it is.
This incident shows that most powerful force in Crypto is aligned incentives.
Aligned incentives of the Bitcoin Community made the No-ReOrg call an easy one. https://t.co/5cTwksIGvL
On the proposed Bitcoin/Binance re-org:— JP [ ₿ ⚡️] (@jpthor__) May 8, 2019
1) It is how the protocol works, deal with it
2) Not likely to be tried due to lack of coord w/ pools
3) If it is tried, will lead to a fee bidding war where 7k BTC end up as fees to miners
Relax and hodl on. Accumulate PoW on ur UTXOs
A chain re-org was suggested before in 2016, before also being withdrawn due to the major consequences #Bitcoin would face as it would be proven to be centralized and censorable. https://t.co/oxiWpA0Prj— Dave Jones (@Dave_Jonez_02) May 8, 2019
1. Sounds like CZ & Binance didn’t initiate the re-org discussion. 2. I think it’s an attempt from BTC opponents to weaken the immutability dialogue around Bitcoin. 3. My understanding is that the vast majority of miners/key stakeholder support no reorg. https://t.co/2OoKtkTQST— Gabor Gurbacs (@gaborgurbacs) May 8, 2019