Changpeng Zhao, CEO of Binance, one of the world’s largest cryptocurrency trading platforms, has issued a blog post stating the business is working hard to tighten security after hackers stole 7070 Bitcoins (worth ~$44 million USD) from an exchange hot wallet earlier this week.
Zhao writes that Binance is working with “a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers…” and is also “working closely with many exchanges and other service providers to freeze the stolen funds.”
He describes security updates in general terms because “…hackers are reading every word we post and watching every AMA we host.”
Security improvements are described as follows:
“We are making significant changes to the API, 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident. We are improving our risk management, user behavior analysis, and KYC procedures. We are working on more innovative ways to fight phishing. We also have a number of additional security measures being implemented not directly visible on the front end.”
Zhao also briefly apologizes for suggesting Bitcoin miners could be incentivized to “re-org” Bitcoin software to recover the stolen funds as a bounty:
“Given how much I talk, I sometimes say the wrong stuff, dirty words like ‘reorg’, for which I apologize.”
Immutability (permanence of records on the blockchain) is the reason Bitcoin uses the electricity-guzzling system called “proof-of-work” to encrypt records.
That Zhao would even consider a re-org is bizarre. It not only suggests that he may believe that a certain cadre of miners possesses the monopoly necessary to do so, but also affronts the “public blockchain” ethos of Bitcoin to favour Zhao’s own private interests.
All those implications proved deeply concerning to Bitcoiners, who also prize “decentralization,” the concept that no single party controls Bitcoin. Twitter and other forums lit up in protest and disgust after Zhao expressed the idea.
Another key notion in Bitcoin and crypto circles is that of “being one’s own bank” and controlling one’s own private keys. This requires storing bitcoins offline in “a hardware wallet,” essentially a souped-up thumb drive. Storing bitcoins on an exchange is rightly considered a security risk given numerous hacks.
Zhao addresses the “no keys, no crypto” social trend in the blog post as follows:
“We will be adding hardware device support, such as YubiKey and other devices, very soon. We will run an event and give away 1,000 YubiKeys as soon as that feature is implemented.”
Zhao says withdrawals and deposits on Binance will “tentatively” resume early next week.