If you harbored any doubts that the crypto industry is going through troubled times, then doubt no more. And if you thought we had heard the last of large-scale crypto exchange hack schemes like the infamous long-defunct Mt. Gox (the Lehman Brothers of crypto), brace yourself for a nasty surprise. Binance, one of the world’s biggest and most reputable bitcoin exchanges, has just reported what appears to be its largest hack to date.
In a post on the company’s site on Tuesday, CEO Changpeng Zhao, fondly known as CZ, revealed how hackers targeted a single account and spirited off 7,000 bitcoin, worth ~$40.8 million at the current price of $5,828.
Binance has suspended all withdrawals for at least a week.
CZ paints a picture of a well-orchestrated premeditated attack, planned and executed by hackers who had the patience and skill to tap into multiple seemingly independent accounts at the most opportune time.
The culprits employed a variety of hacking tactics including phishing attacks and viruses to secure a large number of 2FA codes and API keys and also access the exchange’s ‘hot wallet’—an online storage that holds about 2 percent of its assets.
In a more recent YouTube update, CZ says they are unsure of the actual number of users affected, and cleaning up their systems to eradicate any trace of the hackers is going to be a painstaking process. Consequently, he has begged customers for forgiveness for suspending withdrawals.
And now to the million-dollar question: can affected customers expect any kind of recompense from the company? After all, 7,000 BTC is hardly chump change, and the fact that it all came from a single account suggests that it most likely belonged to an institutional investor/trader or a bitcoin whale. The potential whale need not lose any sleep over it: CZ has in the past tweeted that any customer funds held at Binance are “SAFU”. Indeed, the company has reiterated this stance, saying lost funds will be covered by the Secure Asset for Users (SAFU), an emergency insurance fund that it set up last year.
CZ considers reorganizing the blockchain
In an even more bizarre move, Binance’s CEO is so mad that he has even considered reorganizing the entire bitcoin blockchain so as to cancel the transactions and ensure the criminals do not enjoy their loot.
But as he has discovered thanks to advice from experts including his close peer, Bitmain’s CEO Jihan Wu, executing the novel idea would be fraught with major challenges that would make it well nigh impossible.
First off, tampering with bitcoin’s secure ledger could seriously impact the cryptocurrency’s credibility and erode user confidence.
Second, such an action could result in another bitcoin fork which would only serve to dilute the digital currency further. This site claims there are 105 bitcoin forks so far, with 74 still active and relevant to bitcoin holders while the other 34 are historic and meaningless.
The final reason is strictly financial: the cost of reorganizing the blockchain could be prohibitive since the network is not designed to incentivize bailouts of single exchanges.
To cancel bitcoin transactions, you need to convince at least half of the dozen or so major bitcoin mining pools to agree to work with an alternate version of the chain, starting from just prior to the attack.
This is likely to be a very tough sell because you would essentially be telling them to give up their past reward blocks of 12.5 BTC each. With a new block mined every 10 minutes or thereabouts, CZ would soon find his entire company is not even worth enough to bail him out.
Mt. Gox claims approved
Until the industry is able to figure out more secure storage mechanisms such as employing third-party custodians dedicated to securely storing crypto assets, the only recourse available for crypto customers will remain compensation after loss.
Luckily, we are beginning to see more of those coming on board.
In March, Mt. Gox’s rehabilitation trustee, Nobuaki Kobayashi, announced the first solid measures to settle creditors for the $450-million heist. Binance’s aggrieved customers can only hope they will not have to wait five years like Mt. Gox’s, though the latter’s customers probably won’t mind at all if they are paid back their lost bitcoin rather than the old cash value.
By Alex Kimani for SafeHaven.com