Binance announced a major setback today after hackers breached its network and got away with cryptocurrencies worth $40 million (including 7,000 Bitcoin tokens). The exchange later confirmed that it had traced the heist to a single wallet.
The stolen data also included sensitive information such as two-factor authentication codes and API keys. Binance is currently the largest digital assets exchange in the world by trade volume.
There has been an outpouring of support from the crypto community worldwide as the exchange evaluates various options at its disposal to limit the extent of the damage.
Tron CEO Expresses Solidarity
Shortly after the news of the breach started making headlines, Justin Sun took to Twitter saying he would like to “personally deposit” Tether (USDT) worth $40 million into Binance if the exchange was willing to accept the gesture.
The Tron CEO added that he would spend the deposit on buying BTC, BNB, BTT, and TRX.
— Justin Sun (@justinsuntron) May 8, 2019
In response, Binance CEO Changpeng Zhao (a.k.a. CZ Binance) tweeted back saying that while he appreciated Sun’s gesture, the exchange was not looking for financial help at this juncture. The situation is not nearly as dire, he hinted, and went on to say that Binance was “hurt, but not broke.”
He further added that the exchange was working hard behind the scenes to resume routine transactions as early as possible.
Thanks for the support, really appreciate it. But currently no need. We will cover the loss from the #SAFU fund, there is enough. We are hurt, but not broke.
We are working hard to resolve the issue, so that everyone can deposit and withdrawal again. Will take some time. https://t.co/0j4J0fk99W
— CZ Binance (@cz_binance) May 8, 2019
Meanwhile, Michael Arrington, founder of TechCrunch and partner at Arrington XRP Capital, chipped in with a light-hearted comment urging Zhao to “take the money anyway.”
I mean, take the money anyway. 🙂
— Michael Arrington (@arrington) May 8, 2019
Vengeance Isn’t Worth The Possible Damage To BTC
Stung by the breach and the ensuing chaos, the Binance CEO even considered the so-called “rollback approach,” an outlandish idea that would involve taking control of the whole Bitcoin blockchain and neutralizing every single transaction carried out by the hackers during the breach.
As of press time, Zhao has clarified that he is no longer in favor of the rollback approach as it could seriously damage Bitcoin’s credibility, among other negative consequences.
He said Binance opted not to go along that route after consulting a number of experts including Jihan Wu, Bitmain co-founder; Jeremy Rubin, a key Bitcoin Core Contributor; James Prestwich, founder of Summa; and Brandon Curtis, Director of Research at Radar, among others.
He even listed the pros and cons of the hypothetical move in a series of follow-up tweets:
Pros:
1. It could “revenge” the hackers by “moving” the fees to miners.
2. Deter future hacking attempts in the process.
3. Explore the possibility of how the Bitcoin network would deal with situations like these.
Cons:
1. It may damage the credibility of BTC.
2. It may cause a split in both the Bitcoin network and community. Both of these damages seem to outweigh $40m revenge.
3. The hackers did demonstrate certain weak points in Binance’s design and user confusion, that were not obvious before.
Non-Custodial Exchanges Are Not As Vulnerable: BBOD Economist
There’s no doubt that this latest breach at Binance, a leading exchange well-known for the phrase “funds are safu,” has got people wondering if their funds are ever truly safe when stored at a centralized exchange and if these vulnerabilities exist with decentralized or non-custodial exchanges.
Piotr Arendarski, the Chief Economist at BBOD, a semi-decentralized crypto futures trading platform, said that he has been receiving a lot of questions in the wake of this event:
“Considering the recent event at Binance, we have received many questions about how non-custodial exchanges, including BBOD, protect users’ funds.”
Arendarski stated that non-custodial exchanges guarantee better security against the kind of breach that occurred at Binance. He elaborated citing BBOD as an example:
“In the case of BBOD, all clients have their own personal smart contract account at BBOD which is strictly linked to their personal externally owned account. The user deposits coins from their externally owned account to their personal contract account at BBOD and the user’s funds may be withdrawn only to their externally owned account from which they were deposited.”
“Therefore, at BBOD hackers would not have been able to withdraw coins to their externally owned accounts.”
More Updates: API Keys Reset Complete, Financial Losses Could Be Worse Than Thought
Binance has now announced that it has successfully reset the stolen API keys.
“Due to irregular trading on some APIs, Binance will restrict all currently existing API keys to have trading functionality only. These keys will then be removed in full at 2019/05/08 1:30 PM (UTC).”
That means API users now have the option to recreate their API keys to access full functionality. The newly created API keys won’t be removed at said time, the exchange confirmed.
While remedial measures are already underway and Binance is expected to bounce back from the attack sooner rather than later, a new report by the Financial Times claims that the financial damage inflicted could be worse than initially anticipated.
Citing a company spokesperson, the report claims that “there may be additional affected accounts that have not been identified yet [..]”