The Binance Hack – CRYPTO 101 – Medium
It’s now world-wide news in the cryptosphere. Binance, the most trusted and widely used crypto exchange, has been hacked for the first time. As Crypto 101 is designed to break down the complexities of crypto for the average consumer, we take a quick look at the Binance hack: what happened, why some people are concerned, and whether Binance customer funds are safe.
On May 7th, 7074 bitcoins were withdrawn from Binance’s hot wallet — approximately 40 million US dollars worth. The hot wallet holds approximately 2% of the BTC holdings of the company. Hackers were responsible for the attack.
How Did They Do it?
Binance CEO CZ did an AMA in which he described the attack:
“Basically it was a very advanced persistent hacking effort. They used both external and internal methods to trap a lot of fish and get a lot of user accounts… It is probably the most advanced, and the hackers are very patient. They don’t move as soon as they have one account, they wait for when they have a very large number of accounts and they wait until they get very high net worth accounts.”
Over a long period of time the hackers accumulated user accounts via API hacks and 2FA vulnerabilities.
This means that if you use Binance, you NEED to renew your 2FA key in your 2FA app, and if you trade with APIs you NEED to change your API keys immediately.
Are My Funds Safe?
Currently, withdrawals and deposits for all crypto assets hosted by Binance are frozen because they are not 100% sure how the hack occurred, so a total lockdown is necessary to ensure no further funds are lost.
However, Binance has its own internal insurance mechanism to protect against user funds being compromised. So even though 7074 BTC have been stolen, and the hack isn’t fully understood so it is possible it may continue, personal user funds will be insured.
“SAFU, the Secure Asset Fund for Users is an emergency insurance fund. On the 3rd of July, 2018, Binance announced the Secure Asset Fund for Users.”
“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”
This means that individuals will not lose any value or funds after this is all sorted.
No, Bitcoin itself is not compromised at all. This hack is like any hack — it compromised a centralised point of failure and control. Binance acts as a custodian of its users’ funds and stores assets in an array of wallets with variable levels of security. These wallets can be (and now have been) hacked and funds can be taken. The Bitcoin blockchain is not under threat when a centralised custodian has their funds stolen.
What some people are proposing is that large mining pools and curators of the Bitcoin hash rate could come together and retroactively hard fork Bitcoin to a block before the hack took place, which would render all transactions post-hack (including the stolen funds themselves) void, as if they never happened.
“To be honest we could probably do this in the next few days.” — CZ
This is terrifying. This is what the Ethereum community wrestled with after the DAO hack. They decided to roll back to a point before the funds were hacked, and it essentially split the community into Ethereum and Ethereum Classic. They continue to face huge criticism for this move, as it directly contradicts the ethos of a decentralised crypto-asset that is immutable and lacks any centralised control.
Thankfully CZ publicly declared a rollback is no longer on the table.
If your decentralised, immutable, uncensorable value can be manipulated and played with by giants in the industry (even if they have good intentions), then it is no longer decentralised, immutable and uncensorable. This is a big deal. It is worth staying tuned and telling these players that these properties of Bitcoin are important to you and to the future of decentralised wealth. Say no to a rollback.
So that is the Binance hack in a nutshell.