Crypto prices took a hit overnight after Hong Kong-based Binance, the world's biggest crypto exchange, revealed that hackers had absconded with 7,000 bitcoins - worth roughly $41 million at current prices - stolen from the exchange's hot wallet.
However, prices swiftly pared some of their losses after the exchange announced that customers wouldn't be responsible for the losses: Instead, depositors would be made whole with assets from Binance's 'Secure Asset Fund for Users'.
According to a blog post published by Binance CEO Zhao Changpeng, the company discovered a "large-scale security breach" early Wednesday morning in Hong Kong. Hackers used phishing scams, viruses and other standard hacking techniques to withdraw the entire sum from Binance's 'hot wallet' - which holds roughly 2% of deposits held by the exchange - in a single transaction.
The exchange insisted that all of its other wallets remained secure and unharmed. The hackers' withdrawal request slipped by the exchange's security protocols because it was executed at "the most opportune time" and was structured in such a way that it "passed our existing security checks."
After discovering the hack, the exchange immediately froze all withdrawals; they will remain frozen for the next week, and the exchange promised to provide regular updates on its progress.
However, while customers won't be able to withdraw currency or crypto, trading is still enabled, so anyone can adjust their positions.
Perhaps fearing what might happen to the crypto market if these types of hacks become 'normalized' (though, as far as we can tell, this would be too little, too late), Mike Novogratz, whose crypto fund lost hundreds of millions of dollars last year, insisted that the Binance hack might finally draw more regulatory scrutiny to the space (something that the dozens of other hacks have largely failed to provoke).
2 percent is a lot when you're the world's largest crypto exchange. No way to spin this as good. Will certainly bring more scrutiny from regulators. https://t.co/uqFH3tStCp — Michael Novogratz (@novogratz) May 7, 2019
In a Reddit AMA held shortly after the hack was uncovered, Binance founder CZ triggered crypto purists by suggesting that Binance might push for a 'rollback' of the bitcoin blockchain to undo the hack - though he swiftly walked this back, claiming it would not be possible.
pros: 1 we could "revenge" the hackers by "moving" the fees to miners; 2 deter future hacking attempts in the process. 3. explore the possibility of how bitcoin network would deal with situations like these. — CZ Binance (@cz_binance) May 8, 2019
cons: 1 we may damage credibility of BTC, 2 we may cause a split in both the bitcoin network and community. Both of these damages seem to outweigh $40m revenge. 3 the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before. — CZ Binance (@cz_binance) May 8, 2019
cons: 4 While it is a very expensive lesson for us, it is nevertheless a lesson. it was our responsibility to safeguard user funds. — CZ Binance (@cz_binance) May 8, 2019
We should own up to it. We will learn and improve.
As always, thank you for your support!
To put this to bed, it's not possible, bitcoin ledger is the most immutable ledger on the planet. Done. https://t.co/rKLBCEZmgp — CZ Binance (@cz_binance) May 8, 2019
However, Ari Paul responded by arguing that a reorg of the blockchain could be possible if bitcoin miners were properly incentivized to make it happen.
There’s a bit of superficial discussion happening (mostly dismissal) of CZ of binance’s exploration of reorganizing the blockchain to reverse binance’s recent hack. Here’s why such a rollback is plausible in a future case (whether we want it to be plausible or not.) — Ari Paul ⛓️ (@AriDavidPaul) May 8, 2019
2/ first, I’m not commenting at all on what I want to happen or what’s good for bitcoin. I’m going to argue reorgs in these scenarios may be a natural result of the game theory for bitcoin that Satoshi created. — Ari Paul ⛓️ (@AriDavidPaul) May 8, 2019
3/ this hack was relatively small, but consider Bitfinex’s previous hack of 117k+ BTC, which was 30+ days of block rewards. If Bitfinex could create a smart contract to programmatically incentivize miners to re-org 3 days of the blockchain, the simple economic incentives work. — Ari Paul ⛓️ (@AriDavidPaul) May 8, 2019
4/ then the question is coordination. A reorganization requires 50%+ of hashpower, but doesn’t require conscious coordination. If no one miner had more than 1% hashpower, and all were truly anonymous, might raw incentives serve to coordinate a reorganization? — Ari Paul ⛓️ (@AriDavidPaul) May 8, 2019
5/ I’m not aware of how you could structure such incentives entirely within the bitcoin network itself. The logic of the smart contract would, I think, have to refer to whether a re-org has occurred. The incentives might have to be provided on another layer or network. — Ari Paul ⛓️ (@AriDavidPaul) May 8, 2019
Binance will now conduct a "large scale review" of its security protocols, and most ominously, it hasn't ruled out the discovery of more breaches.
This isn't the first time that Binance has been targeted by cyber thieves. These types of hacks are embarrassingly common. In Q1 alone, hackers stole more than $350 million in crypto.