Announcing CryptoSlate Research — gain an analytical edge with in-depth crypto insight. Learn more.

Security update from Binance CEO, following $40 million exchange hack

Security update from Binance CEO, following $40 million exchange hack

Changpeng Zhao (“CZ”), the CEO of Binance, the world’s largest crypto exchange in terms of adjusted trading volume, has published a blog post in which he apologized for previously suggesting a chain reorg of the Bitcoin (BTC) blockchain.

Following a large-scale security breach of Binance on May 7th, 2019, which resulted in a loss of over $40 million in Bitcoin, CZ acknowledged that the “situation is tough” for the crypto community. He also noted that Binance’s management strives to “maintain the highest degree of transparency.”

Hackers Watching Every Move We Make

However, CZ pointed out that the hackers are most likely keeping a close eye on everything the exchange’s management is saying and doing, including “reading every word” posted by the crypto firm and watching every AMA session hosted by Binance.

World’s Biggest Crypto Exchange Binance Reports 7,000 Bitcoin Hack
Related: World’s Biggest Crypto Exchange Binance Reports 7,000 Bitcoin Hack

According to CZ, “sharing too many security details” could potentially weaken the exchange’s security response strategy. He explained that Binance’s developers are currently revamping some of the exchange’s standard “security measures, procedures, and practices.”

The Binance founder also clarified that the exchange’s management intends to resume deposits and withdrawals “as soon as possible” and that several important changes to the platform’s operating procedures will be completed “within the window of this week.” Additionally, Binance’s team will work on making various other changes to the crypto trading platform’s standard operating procedures in the coming weeks.

Working To Improve Risk Management, Performing User Behavior Analysis

In the security update blog, CZ stated:

“We are making significant changes to the API, [two-factor authentication] 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident. We are improving our risk management, user behavior analysis, and [know-your-customer] KYC procedures.”

CZ further noted that Binance’s team is working on “more innovative ways to fight phishing” and it is also implementing several new security measures. Some of these changes, CZ said, will not be noticeable to users on the front end.

Adding Support For Security Hardware Devices

In the coming weeks, Binance’s team will be adding support for security-related hardware devices, including YubiKey, a hardware authentication device that “supports one-time passwords, public-key encryption and authentication, and the Universal 2nd Factor and FIDO2 protocols developed by the FIDO Alliance.”

Notably, Binance will conduct an event “very soon” in which it will give away 1,000 YubiKeys as soon as the feature is integrated on the crypto trading platform.

Working With A Dozen Industry-Leading Security Experts

Assessing the damages from the hack, CZ wrote that “impact-wise, the single BTC transaction of about 7000 BTC is the only transaction in which funds were stolen, and it’s quite simple to verify this on the blockchain.”

Related: Binance faces criticism for considering rollback of the Bitcoin blockchain

CZ added that there are many community experts who are closely monitoring every Binance wallet. He also mentioned that Binance’s security team is investigating “all other areas of the system,” in order to ensure that all vulnerabilities on the exchange platform are identified and addressed.

Per the Binance CEO, the exchange is presently working with “a dozen or so industry-leading security expert teams” to help improve the trading platform’s security. He also revealed that blockchain analytics firms are “actively helping” the exchange operator in tracking down the stolen cryptocurrency.

This Incident Will Make Us “Stronger In The Long Run”

After suffering one of the most damaging security breaches of this year, CZ said:

“Mentally, the Binance team is not sad or depressed; on the contrary, we are in fighting mode. This event has further united an already tight team … We will continue to fight for all of us, the community, against hackers and people with ill intentions. I believe this incident, while damaging us now, will actually make us far stronger and more secure in the long run.”

The Binance CEO added:

“Given how much I talk, I sometimes say the wrong stuff, dirty words like “reorg”, for which I apologize. It is my strong view that our constant and transparent communication is what sets us apart from the ‘old way of doing things,’ even and especially in tough times.”

Filed Under: Binance, Crypto Exchanges, Hacks
Omar Faridi

Omar enjoys writing about all topics related to Bitcoin, blockchain, and cryptocurrency. He is most interested in crypto regulations, quantum resistant blockchains, and Ethereum and Bitcoin Core development. His academic background includes an undergraduate degree in computer science from the University of Nevada and a masters of science in psychology from the University of Phoenix. He works as an application developer for the University of Houston and a data storage specialist for Dell EMC.

View author profile

Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.