Binance Hack

On May 7th, about $40 million dollars worth of Bitcoin were stolen from Binance. A few hours later, Changpeng Zhao, the CEO of Binance, started to write about this scary situation on Twitter. He soon followed with a blog post giving some explanations on what had happened. He also made a live stream video explaining the main causes of this hack as well as the future plans for Binance. Even though this was the trending topic on Twitter during those days, it didn’t negatively affect market prices at all. Now that the dust has settled, let’s take a closer look.

 

THE VULNERABILITIES

Binance is a huge exchange whose token(BNB) places #7 on the top 100 cryptocurrencies by market capitalization on coinmarketcap.com. Binance supports around 473 markets or trading pairs and it is said to have more than 7+ million users. This implies the need for a bigger team to address issues as the responsibility that this exchange carries is huge. This exchange counts on an API; think of this as a communication point from one website to the Binance servers. It seems that the API had certain vulnerabilities that led hackers get private keys from their hot wallets. The hackers also managed to do phishing in order to obtain even more private keys.

The CEO of Binance didn’t want to go further into the details of the vulnerabilities as it could weaken their security strategy. After all, hackers read the same messages. He did comment the following:

We are making significant changes to the API, 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident.

These are only front-end issues that were being solved straight away; additional security was added also to the back end.

 

PATIENCE WAS THE SUCCESS FOR THE HACKERS

The hackers wanted to collect the highest quantity of private keys before they initiated their coordinated attack. A single account theft may have raised alarms and the hack wouldn’t have resulted in such a big loss as preventive measures may have been implemented prior to their next attack. The hackers in the end managed to take out 7000 BTC in one single shot. We don’t know how much time it took for the hackers to gather the information, but we can conclude that patience was the key to their success. They essentially gathered the information until the time was right. This  isn’t new. It actually happens in many other fields, like the attack a few years back involving Ukraine’s power grid. A virus can actually sit within a network and collect information in order to send it back to the attackers so that they can make adjustments in order to deal a bigger blow when they see fit.

 

BINANCE MAKING THEMSELVES RESPONSIBLE – NO MARKET REACTION

We aplaud the fact that CZ and the Binance team kept the transparency at a very high level even under this difficult moment. Binance had some insurance funds in case situations like this happened. They took responsibility for the $40 million, therefore, their customers’ funds are still safe. Binance did do a set of updates which required to stop trading for a duration as well as cancelling withdrawals for security reasons. This is the latest update regarding withdrawals provided by CZ on May 15th at approx. 1 PM Eastern Time.

Surprisingly, the market had no significant reaction over the last week. At the moment it occurred, the Bitcoin price fell by only 2% which practically makes it a non-event. Instead, the price kept moving up like nothing happened. As we know, BTC is now at around $8k. Of course, nobody is just letting that go as any hack is indeed a big deal. Though it seems that the crypto market has matured. A few years back, this would have caused a huge pullback.

 

WHY ARE PEOPLE GETTING HACKED?

People are now posing the following question: If blockchain is so secure, then why is everyone getting hacked? Whether centralized or decentralized, you can always be fooled by going to a site that looks like the one you intended to go to. This is why you have to be very careful that you are at the right website every time you go log in anywhere that stores your personal information, such as a bank website or a crypto exchange page. This is why I save my verified links so that I do not type them incorrectly. And even then, I still verify the URL. You can learn more about phishing here.

Binance has posted the following:

Identify and avoid phishing attempts. Always check the emails you receive and the websites you log in to. Many successful attacks involve fake websites and forms that masquerade as exact replicas, or giveaways, for websites you have accounts with. Make it a habit to check the address bar of the websites you visit for accuracy, as well as the details regarding the source of e-mails you receive.

 

IS BLOCKCHAIN TECHNOLOGY A SOLUTION?

As for blockchain technology, it is by far more secure than anything we have seen in the past. Why? Because it will require for a hacker to have an enormous amount of computing power which is currently not feasible. This is because the transactions are occurring on many servers with cross verification which require the hackers to overtake a huge amount of computing power. So then why is everyone getting hacked? Well, Binance is not decentralized for one. It resides on centralized servers which are a target point for hackers. That is why you should not store your holdings on an exchange.  The problem resides with centralized systems. Just a few days ago, Whatsapp got hacked via a vulnerability that was discovered. This is one of many recent hacks on centralized systems.

A solution to centralized exchanges are DEXs (Decentralized Exchanges) that could work within a smart contract that allows trading without any third party holding private keys; but on the other hand, we understand that many people prefer to put their trust on a centralized exchange thinking that holding their own funds is also a risk. Quite honestly, we don’t blame them. Especially if you are new to something which you do not fully understand, as is the case with many of us when it comes to crypto. For the time being, both centralized and decentralized systems need to keep improving because we cannot take security for granted. Also, decentralized systems need to mature and get it right. At that point, we may not need centralized platforms anymore.

 

NO MARKET REACTION BUT A HUMBLE COMMUNITY REACTION

The community reacted quite positively to the Binance situation especially after hearing that Binance was backing up the lost funds. The fact that everyone loves Binance may have also played a big role.

JUSTIN SUN OFFERING HELP

Amid this situation, Justin Sun came out publicly on Twitter offering support to Binance by offering 7000 BTC worth of USDT. Check the tweet below:

 

 

Blockchain To The Next Level

We can conclude that blockchain is definitely headed in the right direction. With education and understanding, blockchain will continue to expand and integrate into our lives. It may take some time, as it did with the internet revolution, but it will definitely come to be as a result of all the benefits that it presents us. The reaction to the Binance hack was a prime example of how this market has matured.  It is no longer the market that would crash because of a mistake made by one entity. It is much bigger than that.

Comments

Oscar Quintero

I'm an electrical engineering student and University Professor. Blockchain enthusiast and speaker in Venezuela. I love to read and write and am very passionate about new technologies.