Funds Are SAFU, but Reorg Is Not: What We Know About the Binance Hack So Far

Published at: May 9, 2019

Binance, one of the world's largest cryptocurrency exchanges, experienced a “large scale” data breach on May 7. The hackers reportedly stole around 7,000 Bitcoin (BTC), worth more than $40 million as of press time.

As the platform explained via a public statement, the fraudsters had managed to steal users’ application programming interface (API) keys, two-factor authentication (2FA) codes and other information, which supposedly helped them to orchestrate the attack.

Binance has announced that it will use its reserves “to cover this incident in full,” hence “no user funds will be affected.”

The attack: 7,074 BTC stolen, details are still sketchy

Initially, Changpeng Zhao, CEO of Binance, announced “some unscheduled server maintenance” on his platform via Twitter, warning that deposits and withdrawals might be blocked “for a couple hours.”

“No need to FUD,” he wrote, following with his trademark line: “Funds are #safu.”

About four hours later, Binance released an official statement revealing that a “large scale” security breach took place on May 7 at 17:15:24 UTC.

According to the exchange, the details of the attack are still sketchy:

“Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.”

As a result, the fraudsters were able to withdraw 7,074 BTC, as can be seen on the blockchain explorer. The transaction had 44 outputs, 21 of which were native Segregated Witness (SegWit) addresses, and those addresses received 99.97% of the funds.

Binance has declared that it was “the only affected transaction,” and that only the BTC hot wallet (containing about 2% of Binance’s total BTC holdings) was compromised. “All of our other wallets are secure and unharmed,” the exchange wrote.

“They [the hackers] used both internal and external methods to trap a lot of fish and get a lot of user accounts,” Zhao said during an AMA session on Periscope, stressing that the attack was highly advanced. According to the Binance CEO, the hackers waited until they had managed to capture a large number of accounts, including “very high net worth accounts,” before carrying out the assault.

“Our security measures were not able to stop that withdrawal, which cost us 7000 BTC…”

Indeed, as implied by Redditor u/dekoze, the attackers could have used a number of hacked verified accounts to withdraw the funds. “They moved the stolen funds from various phished users by trading way out of range on illiquid pairs,” the user suggested. “Just look at LINK/PAX, 100k LINK was traded in a 1m candle and reached $9999 USD. That allows you to effectively move all the funds to a few accounts with withdrawal privileges of >100 BTC.”
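A detection sketch for the consolidation pattern described above, added here as an example and not code from Binance or the article: it flags trades priced far from a pair's recent median and lists accounts that gained value from several distinct counterparties. The trade records, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample trades (not real exchange data):
# (time_s, pair, price, qty, buyer, seller)
TRADES = [
    (0,  "LINK/PAX", 0.52, 1000, "u1", "u2"),
    (20, "LINK/PAX", 0.51, 800,  "u3", "u4"),
    (40, "LINK/PAX", 0.53, 1200, "u2", "u5"),
    (60, "LINK/PAX", 9999.0, 10, "victimA", "sink1"),
    (61, "LINK/PAX", 9999.0, 12, "victimB", "sink1"),
    (62, "LINK/PAX", 9000.0, 5,  "victimC", "sink1"),
    (90, "LINK/PAX", 0.52, 900,  "u4", "u1"),
]

def flag_out_of_range(trades, max_ratio=5.0, min_history=3):
    """Return (trade, reference_price) for trades priced more than
    max_ratio away from the median of earlier, non-flagged trades."""
    history = defaultdict(list)
    flagged = []
    for t in sorted(trades):
        _, pair, price, _qty, _buyer, _seller = t
        past = history[pair]
        ref = median(past) if len(past) >= min_history else None
        if ref and (price / ref > max_ratio or ref / price > max_ratio):
            flagged.append((t, ref))
        else:
            past.append(price)  # only normal prints move the reference
    return flagged

def consolidation_sinks(flagged, min_payers=2):
    """Accounts that gained value (in quote currency) from at least
    min_payers distinct counterparties through out-of-range trades."""
    gained = defaultdict(float)
    payers = defaultdict(set)
    for (_, _pair, price, qty, buyer, seller), ref in flagged:
        # Overpriced trade: the buyer overpays the seller.
        # Underpriced trade: the seller hands the asset over cheaply.
        winner, loser = (seller, buyer) if price > ref else (buyer, seller)
        gained[winner] += abs(price - ref) * qty
        payers[winner].add(loser)
    return {acct: (round(gained[acct], 2), sorted(payers[acct]))
            for acct in gained if len(payers[acct]) >= min_payers}

if __name__ == "__main__":
    print(consolidation_sinks(flag_out_of_range(TRADES)))
```

Accounts returned by `consolidation_sinks` are candidates for a withdrawal hold and manual review before any large withdrawal is released.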

Soon after the security breach was spotted, Binance suspended all withdrawals and deposits for “about one week” to conduct a thorough security check. “We believe with withdrawals disabled, there isn’t much incentive for hackers to influence markets,” the exchange wrote, adding that all trading within the platform will remain enabled.

According to the Binance CEO, a number of crypto exchanges, including KuCoin and Coinbase, are collaborating with Binance to block deposits from the hacked addresses. The stolen funds have reportedly been moved since the hackers obtained them. First, Anti-Money Laundering and Counter-Terrorist Financing firm Coinfirm released an analysis showing how 1,227 BTC were moved to two new addresses, one holding 707 coins and the other holding 520.

Then, cryptocurrency news outlet The Block reported that the funds from the aforementioned 44 addresses have allegedly been moved to seven addresses, six of which hold 1,060.6 BTC, while one holds 707.1 BTC.

Funds are SAFU: Binance says it will completely cover the loss using its reserves

Binance has stated that all losses will be covered by its emergency insurance fund. Dubbed “secure asset fund for users (SAFU),” it was announced last year as an initiative to “offer protection to users and their funds in extreme cases.” According to Binance, 10% of all trading fees have been sent to a separate cold wallet since July 14, 2018. Zhao said during the Periscope stream:

“We’re completely okay on the funding side. It does hurt very much, but we’re able to cover that.”

Notably, Tron (TRX) founder and CEO Justin Sun has offered to deposit 40 million tether (USDT) to Binance in exchange for binance coin (BNB), BTC, TRX and bittorrent coin (BTT).

The proposition has drawn criticism from some Twitter crypto community members, who suggested that the TRX founder was essentially offering a marketing ploy by proposing to buy the coins “he already has a vested interest in.” Zhao has declined Sun’s offer, explaining that Binance has enough funds to cover the loss.

According to reports from online transaction monitoring resource Whale Alert, 30,000,000 TRX (around $733,679) were transferred from an unknown wallet to Binance after the exchange had announced that all withdrawals and deposits were suspended.

When asked about this, a Binance spokesperson explained to Cointelegraph that “transactions to wallets can still occur but won't be reflected on Binance until our security review is complete.”

Binance has considered a “reorg,” but was advised against it

Binance has considered “reorging” (i.e., reorganizing) the bitcoin blockchain, which could potentially allow them to recover the stolen funds, but rejected the idea after consulting with various parties.

In practice, the move would aim to incentivize miners to coordinate 51% of the network’s hashing power and then reorganize the blockchain to undo the transactions associated with the security breach.

As proposed by Bitcoin Core contributor Jeremy Rubin, such an approach could have involved Binance essentially conferring retroactive ownership of the hacked bitcoin to the blockchain’s miners by revealing the exchange’s private keys for the affected coins, or even ostensibly ‘sign[ing] batches of txns with the old utxos paying miners with different locktimes to make it a permanent reward to unwind this hack.’

Later, Zhao tweeted that, after speaking to a number of crypto actors — including Rubin and Bitmain co-founder Jihan Wu, among others — Binance decided against the plan.

As the exchange’s CEO explained, even though the move could allow Binance to take “revenge” on the hackers and move the stolen funds back, the credibility of BTC could be damaged as a result. “We may cause a split in both the bitcoin network and community,” Zhao added.

In the comment section, many crypto Twitter users criticized the plan, asking why Binance would consider centralizing the network in the first place. Bitcoin enthusiast and network engineer Melik Manukyan tweeted about the proposal to reorg, writing that Binance “didn't decide not to” but realized it could not. “True that too, that's what Jihan advised/educated me on too,” Zhao replied. “I trust his advice.”

Eventually, the pundits were joined by Galaxy Digital CEO Michael Novogratz, who also denounced the idea to reorg the network. “I am shocked that @cz_binance [Binance CEO Changpeng Zhao] even went there,” he tweeted, arguing that bitcoin’s network is too mature at this point to be altered:

“Talk of forking or reorganizing the blockchain is close to heresy. When the ethereum community did it the project was like 5 months old. A baby. Bitcoin now has $100bn market cap and is a legitimate store of wealth.”

In response, Zhao argued that the plan was to construct a transaction “that would keep all other tx [transactions], and just distribute the hacker coins to miners,” without affecting the network at large.

“It turns out the re-org discussion is hotter than the incident itself,” the Binance CEO later wrote in a separate tweet. He also stressed that the idea was initiated by Rubin, not the exchange’s team.

Reorg is not an entirely new concept; similar suggestions were made back in 2016, when Bitfinex was hacked for 120,000 BTC.

The Binance hack marks the largest security breach of 2019 so far — even though Coinbene is reported to have lost $100 million, it has yet to officially confirm it.
