Binance has suffered a sophisticated attack on user accounts, carried out through phishing, viruses and other malware, with hackers withdrawing 7,000 BTC from its hot wallet.
Changpeng Zhao, Binance’s CEO, said the system did not detect the illicit withdrawal before it went out, but that the loss will be covered in full from the SAFU fund.
Binance launched the Secure Asset Fund for Users (SAFU) in July 2018; it allocates 10% of trading fees to the fund.
Zhao said deposits and withdrawals will now be halted for about a week while the team reviews every account that might be affected.
He advised users to reset their two-factor authentication (2FA) and to rotate their API keys.
“We must conduct a thorough security review,” Binance said. “The security review will include all parts of our systems and data, which is large. We estimate this will take about ONE WEEK. We will post updates frequently as we progress.
Most importantly, deposits and withdrawals will need to REMAIN SUSPENDED during this period of time… We will continue to enable trading, so that you may adjust your positions if you wish.”
Changpeng Zhao said that, following user suggestions, his team considered attempting a chain re-org: broadcasting a conflicting transaction that spent the same coins from Binance’s own wallet while offering essentially the whole 7,000 BTC as the miner fee, in the hope that miners would reorganise the chain to include it instead of the thief’s transaction. That would have taken the funds from the hackers and handed them to miners, with Binance out 7,000 BTC either way.
It might have deterred other attackers, but a re-org only stands a chance in the minutes after the theft, before the thief’s transaction is buried under confirmations; every additional block makes the re-org costlier and less likely. Zhao thus decided against it, stating:
“After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach. Considerations being:
Pros: 1. we could “revenge” the hackers by “moving” the fees to miners; 2. deter future hacking attempts in the process; 3. explore the possibility of how bitcoin network would deal with situations like these.
Cons: 1. we may damage credibility of BTC; 2. we may cause a split in both the bitcoin network and community. Both of these damages seem to outweigh $40m revenge; 3. the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before.
4. While it is a very expensive lesson for us, it is nevertheless a lesson. It was our responsibility to safeguard user funds. We should own up to it. We will learn and improve.”
Binance makes about $60 million in profit per quarter, presumably on top of the 10% of fees sent to the SAFU fund. A $40 million loss, large as it is in ordinary terms, is therefore arguably a small amount for an exchange at that level of profitability.
It has long been suggested that hacks of this sort are simply a cost of doing business, to be absorbed with the best practices used here: keeping most funds in cold wallets, limiting what sits in the hot wallet, and maintaining an insurance fund (SAFU).
Some suggest such hacks should not be announced at all if they can be covered from reserves, but here Binance went down for unscheduled maintenance and people noticed the 7,000 BTC withdrawal on-chain.
It is unclear why the system did not catch the unusual activity; had it been a single 7,000 BTC withdrawal request, there would obviously have been more checks.
Here the hackers appear to have made the activity look like ordinary users withdrawing, just many of them at the same time.
That the system let it through suggests the hackers had studied how it works.
In March 2018, Binance caught hackers who, as here, had accumulated many account credentials through phishing and similar means.
It is unclear whether that case was passed on to law enforcement, but in July 2018 there was another attempt, this time through compromised API keys, after which the SAFU fund was launched.
It was perhaps always a matter of time, but the system could arguably have been designed better. You would think an automated check could have raised a flag on seeing $40 million worth of withdrawals requested at the same time.
Presumably that rarely, if ever, happens naturally, and even when it does, a brief delay during a false positive is a small price to pay so long as such cases are rare.
If the hackers have been studying the system, however, you would expect them to find a hole somewhere eventually. That is why hot wallet hacks are usually considered a matter of when, not if.
That said, the industry, at least in the West, is getting a lot better. Such hacks used to be far more common; now it is hard to recall the last time one hit a prominent exchange.
In Asia such hacks have been much more common, presumably because the same lessons had to be learned there, and it is unclear whether exchanges share best practices with each other. Sharing details of internal controls could itself expose weaknesses, which makes such sharing difficult.
With time, however, best practices develop somewhat naturally, and the lesson in this case is very clear: add a fuse that trips on surges in withdrawal volume, so that an unusually large aggregate outflow from the hot wallet is held for review rather than signed automatically.
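As an added example, not Binance’s code and not based on anything the page says about its internals, the following Python sketches such a surge fuse: a sliding window over every withdrawal request leaving the hot wallet, with a per-asset volume cap and a cap on how many distinct accounts may withdraw within the window. Once tripped, it holds every further request until an operator resets it. The thresholds, account names and the two request streams are constructed for illustration; the “many compromised accounts withdrawing at once” stream follows the article’s description of the incident rather than any real transaction data.

```python
"""Sliding-window circuit breaker on aggregate hot-wallet withdrawals.

Added example, not an exchange's code. Policy values and traffic are constructed.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional


@dataclass(frozen=True)
class Withdrawal:
    ts: float      # unix seconds when the request was received (fed in time order)
    account: str
    asset: str
    amount: float  # in units of the asset


@dataclass
class WithdrawalBreaker:
    """Holds all withdrawals once outflow in a sliding window looks like a surge.

    Two independent trip conditions (hypothetical policy):
      * volume: total of one asset requested in the window exceeds volume_cap[asset]
      * burst:  distinct accounts withdrawing in the window exceed account_cap
    A tripped breaker holds every further request until an operator reset.
    """
    window_seconds: float
    volume_cap: Dict[str, float]
    account_cap: int
    tripped_reason: Optional[str] = None
    _events: Deque[Withdrawal] = field(default_factory=deque)

    def _evict(self, now: float) -> None:
        # Drop requests older than the window; requests arrive in time order.
        cutoff = now - self.window_seconds
        while self._events and self._events[0].ts < cutoff:
            self._events.popleft()

    def window_volume(self, asset: str) -> float:
        return sum(e.amount for e in self._events if e.asset == asset)

    def window_accounts(self) -> int:
        return len({e.account for e in self._events})

    def submit(self, w: Withdrawal) -> str:
        """Return "allow" to sign and broadcast, or "hold" for manual review."""
        if self.tripped_reason is not None:
            return "hold"
        self._evict(w.ts)
        self._events.append(w)  # the request that trips the breaker is held as well
        cap = self.volume_cap.get(w.asset)
        if cap is not None and self.window_volume(w.asset) > cap:
            self.tripped_reason = (f"{w.asset} outflow {self.window_volume(w.asset):.1f} "
                                   f"exceeds {cap} within {self.window_seconds:.0f}s")
            return "hold"
        if self.window_accounts() > self.account_cap:
            self.tripped_reason = (f"{self.window_accounts()} distinct accounts withdrew "
                                   f"within {self.window_seconds:.0f}s (cap {self.account_cap})")
            return "hold"
        return "allow"

    def reset(self) -> None:
        # An operator has reviewed the held requests; start again with an empty window.
        self.tripped_reason = None
        self._events.clear()


def make_breaker() -> WithdrawalBreaker:
    # Hypothetical policy: at most 500 BTC out of the hot wallet per 10 minutes,
    # and at most 40 distinct accounts withdrawing in that time.
    return WithdrawalBreaker(window_seconds=600, volume_cap={"BTC": 500.0}, account_cap=40)


def background_traffic() -> List[Withdrawal]:
    # Constructed: one 0.5 BTC withdrawal a minute for an hour from 20 rotating accounts.
    return [Withdrawal(ts=60.0 * i, account=f"user-{i % 20:02d}", asset="BTC", amount=0.5)
            for i in range(60)]


def volume_burst_stream() -> List[Withdrawal]:
    # Constructed: 50 compromised accounts each pull 140 BTC (7,000 BTC in total),
    # half a second apart, starting ten seconds after the background hour.
    burst = [Withdrawal(ts=3610.0 + 0.5 * j, account=f"victim-{j:02d}", asset="BTC", amount=140.0)
             for j in range(50)]
    return background_traffic() + burst


def account_burst_stream() -> List[Withdrawal]:
    # Constructed: 80 accounts each pull 1 BTC; tiny volume, but far too many accounts.
    burst = [Withdrawal(ts=3610.0 + 0.5 * j, account=f"victim-{j:02d}", asset="BTC", amount=1.0)
             for j in range(80)]
    return background_traffic() + burst


def run_scenario(events: List[Withdrawal], breaker: WithdrawalBreaker) -> dict:
    """Feed a request stream through the breaker and summarise what it did."""
    allowed = held = 0
    trip_index: Optional[int] = None
    for i, w in enumerate(events):
        if breaker.submit(w) == "allow":
            allowed += 1
        else:
            held += 1
            if trip_index is None:
                trip_index = i
    return {"allowed": allowed, "held": held, "trip_index": trip_index,
            "reason": breaker.tripped_reason}


if __name__ == "__main__":
    for name, stream in (("volume burst", volume_burst_stream()),
                         ("account burst", account_burst_stream())):
        print(name, run_scenario(stream, make_breaker()))
```

In the first stream the breaker trips on the fourth 140 BTC request, when the ten-minute total passes 500 BTC, and holds the remaining 46; in the second it trips on the account count even though the volume never gets close to the cap. The point of holding everything after a trip, rather than only the request that crossed the line, is that a surge is evidence that the account base itself is compromised, so nothing should be signed until a human has looked.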