Binance Vows to Upgrade 2FA and API Security Protocols in Light of $40 Million Bitcoin Hack
Hacks are a fairly common occurrence in the cryptocurrency world, and when they do happen, they are often the subject of a lot of speculation and media reports. However, the crypto world was in collective shock when Binance, one of the most popular exchanges in the world, was hacked earlier this week, which led to the loss of over $40 million. While exchanges on all levels suffer attacks, it's not very common that an exchange on the level of Binance would experience such a hack.
Still, the management of Binance has immediately responded to the situation with Changpeng Zhao, the CEO of the exchange, giving an update to users and promising a revamp of the exchange’s security measures following the incident.
The hack itself took place on May 7, 2019, and was a premeditated one, leading to the loss of 7,070 bitcoin which was worth about $40 million at the time. The tokens were taken from Binance’s hot wallets in a transaction that was not immediately detected by the security systems.
It is believed that the attack took place through a combination of phishing and viruses to get a number of 2FA codes and API keys. CZ has stated that he cannot share too much information about what happened.
“Hackers are reading every word we post and watching every AMA we host. Sharing too many security details actually weakens our security response strategy,” he said.
However, he was able to disclose that the exchange is making progress in the revamping of security procedures and measures and stated that some of the changes will be implemented in the next week and that more will take place moving forward.
He did make sure to address the areas that the hackers were able to take advantage of, which were the API and 2FA as well as the withdrawal validation areas. Binance, he says, will improve on its risk management, user behavior analysis, know-your-customer procedures, and anti-phishing tactics.
CZ also made sure to apologize after he faced controversy for publicly speaking about consideration being given to a possible blockchain re-org or rollback.
“Given how much I talk, I sometimes say the wrong stuff, dirty words like ‘reorg’, for which I apologize. It is my strong view that our constant and transparent communication is what sets us apart from the “old way of doing things”, even and especially in tough times,” he said.
The statement in question, made during a live AMA, was that Binance had considered the idea of a re-org, which basically means incentivizing miners to form a consensus that would hold over 51% of network hashing power and reorganize blockchain transactions.
However, the idea was ultimately rejected. It also faced harsh criticism from members of the crypto industry because of the damage it could do to the reputation of bitcoin and because it runs against bitcoin's principle of being decentralized at all times.
With that in mind, it is a good sign that Binance is addressing the issues head-on, both by revamping its security and addressing what might have caused the hack and by apologizing for the ill-fated suggestion that had been under consideration. Hopefully, the exchange is able to fully recover from the hack, and the incident serves as a lesson for other exchanges in the future.