Binance back online after $40 million hack and after security upgrade


Hack? What hack? Binance is back online after completing its internal review and after completing a necessary security upgrade. It has been a harrowing week for the world’s largest crypto exchange, after it sustained a $40 million loss perpetrated by professional hackers, who summarily removed the exchange’s “virgin” status with a targeted hit on its operating “Hot Wallet”. Up to now, Binance was believed to have one of the best security defenses against potential compromises, but, unfortunately, stealthy crooks knew otherwise. The take was 7,000 Bitcoins, and its whereabouts remains a mystery.

CEO Changpeng Zhao, affectionately known as “CZ”, has performed a yeoman’s task in trying to keep his customers’ minds at ease, while his staff explained: “We have discovered a large scale security breach today, May 7, 2019 at 17:15:24. Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.”

A few days back, CZ sounded confident that order would be restored soon:

Our team is making progress and has been working through the weekend. In the past few days, we have made some significant overhauls to our system, with a large number of advanced security features added and/or completely re-architected. We will share details on some of the changes later.

To CZ’s and the management team’s credit, Binance had decided long ago to build an internal insurance fund to provide for just such a contingency. As a result, there were no negative cash flow impacts, since accumulated reserves in the fund were sufficient to cover the loss. No customers lost any of their balances, which were safe and secure in offline “cold wallet” storage.

The exchange, however, did put a freeze on customer transactions, and the news today is that the review and systems upgrade have been completed:

From now until the commencement of trading, users will be able to cancel orders, process deposits, and use other account related functions. Please note that the withdrawal function will be available shortly after trading resumes.

Trading activity actually resumed on the 15th of May at 3:00 PM (UTC).

Details were not forthcoming on how the hackers were able to compromise what, up until now, was a formidable set of firewalls and security protocols, but according to CZ, the changes to the system were “significant”. They impacted the firm’s application programming interface (API), its two-factor authorization (2FA), and withdrawal validation procedures in order to minimize the risk of future attacks going forward.

Surprisingly enough, Binance’s proprietary token did not suffer. Per other reports:

Evidently, the recent security compromise that affected crypto exchange giant Binance has done little to dampen optimism for the trading venue’s digital currency, Binance Coin (BNB). The price of the tokens issued by the exchange initially fell following the announcement of the hack last week. However, following a series of open announcements from Binance, the exchange’s coin is surging back from its brief decline. BNB leads the way in terms of 24-hour price increases.

Analysts have attributed the BNB token’s resilience to the openness of the management team and the calm displayed throughout the entire ordeal. The ample internal insurance fund, a unique fixture in the industry, may have also helped the market to support Binance and BNB as it did. At the end of this harrowing experience, CZ was able to quip:

We are hurt but not broke.

Quality means doing it right when no one is looking, but in this case everyone was looking, and a high standard of quality was apparent to all.

Read Also: