{"id":6745,"date":"2019-05-08T10:51:44","date_gmt":"2019-05-08T07:51:44","guid":{"rendered":"https:\/\/forklog.media\/?p=6745"},"modified":"2019-05-12T16:15:09","modified_gmt":"2019-05-12T13:15:09","slug":"no-bitcoin-network-re-org-as-binance-falls-victim-to-40-mln-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/no-bitcoin-network-re-org-as-binance-falls-victim-to-40-mln-hack\/","title":{"rendered":"No Bitcoin Network Re-Org as Binance Falls Victim to $40 Mln Hack"},"content":{"rendered":"<p>Leading cryptocurrency exchange Binance announced May 7 the discovery of a \u201clarge scale security breach\u201d leading to malicious actors being able to access user API keys, two-factor authentication codes and \u201cpotentially other info.\u201d<\/p>\n<p>According to a <a href=\"https:\/\/www.blockchain.com\/btc\/tx\/e8b406091959700dbffcff30a60b190133721e5c39e89bb5fe23c5a554ab05ea\" target=\"_blank\" rel=\"noopener noreferrer\">transaction<\/a> published in the security notice, the unknown hackers were able to withdraw 7,074 BTC (over $41 million at the current exchange rate).<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">Not the best of days, but we will stay transparent. Thank you for your support! <a href=\"https:\/\/t.co\/Y1CQOatEpi\">https:\/\/t.co\/Y1CQOatEpi<\/a><\/p>\n<p>\u2014 CZ Binance (@cz_binance) <a href=\"https:\/\/twitter.com\/cz_binance\/status\/1125907214256836608?ref_src=twsrc%5Etfw\">May 7, 2019<\/a><\/p><\/blockquote>\n<p>Binance\u2019s statement says that the above transaction is the only affected transaction. It impacted the exchange\u2019s BTC hot wallet only (which contained about 2% of Binance\u2019s total BTC holdings). 
All other wallets are said to be secure and unharmed.<\/p>\n<blockquote><p><strong>\u201cThe hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that,\u201d<\/strong> reads the post.<\/p><\/blockquote>\n<p>The disclosure came just a few hours after Binance\u2019s CEO Changpeng Zhao tweeted that the exchange was undertaking \u201csome unscheduled server maintenance,\u201d claiming that \u201cfunds are #safu.\u201d After the hack announcement, Zhao added that the exchange would \u201cprovide a more detailed update shortly.\u201d<\/p>\n<p>The exchange will use its <a href=\"https:\/\/binance.zendesk.com\/hc\/en-us\/articles\/360006675312\" target=\"_blank\" rel=\"noopener noreferrer\">Secure Asset Fund for Users<\/a> (SAFU fund) to cover the loss, which won\u2019t impact users, according to the notice. 
The fund consists of 10 percent of all trading fees absorbed by the exchange, and was initially launched to protect Binance\u2019s users \u201cin extreme cases.\u201d It is stored in the exchange\u2019s own cold wallet.<\/p>\n<blockquote><p><strong>\u201cIn this difficult time, we strive to maintain transparency and would be appreciative of your support,\u201d<\/strong> added Zhao.<\/p><\/blockquote>\n<p>Notably, during an <a href=\"https:\/\/www.pscp.tv\/w\/1mrGmvjpbqBJy\" target=\"_blank\" rel=\"noopener noreferrer\">Ask-Me-Anything live session<\/a> on Wednesday Changpeng Zhao said the team considered pushing for a rollback on the Bitcoin network, which would require pushing for consensus from major miners and mining pools to gather over 51 percent of the network\u2019s total hashing power.<\/p>\n<p>Zhao said:<\/p>\n<blockquote><p><strong>\u201cTo be honest, we can actually do this probably within the next a few days. But there\u2019re concerns that if we do a rollback on the Bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for Bitcoin.\u201d<\/strong><\/p><\/blockquote>\n<p>He added that he has also seen a lot of people objecting to rollbacks since there are the \u201cethical and reputational considerations for the Bitcoin network.\u201d<\/p>\n<p>Shortly afterwards, however, Zhao stated that after speaking to various parties, it was decided not to pursue the re-org approach:<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">After speaking with various parties, including <a href=\"https:\/\/twitter.com\/JeremyRubin?ref_src=twsrc%5Etfw\">@JeremyRubin<\/a>, <a href=\"https:\/\/twitter.com\/_prestwich?ref_src=twsrc%5Etfw\">@_prestwich<\/a>, <a href=\"https:\/\/twitter.com\/bcmakes?ref_src=twsrc%5Etfw\">@bcmakes<\/a>, <a href=\"https:\/\/twitter.com\/hasufl?ref_src=twsrc%5Etfw\">@hasufl<\/a>, <a href=\"https:\/\/twitter.com\/JihanWu?ref_src=twsrc%5Etfw\">@JihanWu<\/a> 
and others, we decided NOT to pursue the re-org approach. Considerations being:<\/p>\n<p>\u2014 CZ Binance (@cz_binance) <a href=\"https:\/\/twitter.com\/cz_binance\/status\/1125996194734399488?ref_src=twsrc%5Etfw\">May 8, 2019<\/a><\/p><\/blockquote>\n<p>He added that it is simply \u201cnot possible\u201d since \u201cBitcoin ledger is the most immutable ledger on the planet.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Leading cryptocurrency exchange Binance announced May 7 the discovery of a \u201clarge scale security breach\u201d leading to malicious actors being able to access user API keys, two-factor authentication codes and \u201cpotentially other info.\u201d<\/p>\n","protected":false},"author":1,"featured_media":6747,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[744,48,976],"class_list":["post-6745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-binance","tag-exchanges","tag-hacks"],"aioseo_notices":[],"amp_enabled":true,"views":"490","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/6745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=6745"}],"version-history":[{"count":4,"href":"https:\/\/forklog.com\/en\/wp-j
son\/wp\/v2\/posts\/6745\/revisions"}],"predecessor-version":[{"id":6751,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/6745\/revisions\/6751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/6747"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=6745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=6745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=6745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}