Post-mortem report displays refreshing attitude towards disclosure

The CEO of crypto-exchange Binance, which lost $40 million to cybercrooks earlier this month, has released a post-mortem of the incident.

More than 7,000 BTC was stolen in a single transaction on May 7, after thieves infiltrated Binance’s computer systems in a “well-orchestrated” attack.

While it was initially unclear how they managed to gain access, it soon became apparent that the attackers were in possession of user API keys, 2FA tokens, and other personal information belonging to customers.

Using this, the attackers were able to gain control of a number of cryptocurrency accounts, Binance said, bypassing the exchange’s pre-withdrawal risk management checks.

It was only when the large sum was moved into the thieves’ wallet that the security alarm was triggered.

The company’s founder, who goes by the moniker ‘CZ’, detailed his reaction to the news in a blog post.

“While things are crystal clear in hindsight, at that moment, we weren’t 100% sure what exactly happened. Was it an actual user action? A glitch in the system? Or maybe a hack?” he wrote.

Binance suspended withdrawals and transactions while a team worked to figure out what had gone wrong – even bringing Ikea sleeping bags into the office, CZ said.

As details of the heist emerged, CZ suggested a number of controversial options going forward, including that he was considering a rollback of the Binance platform to recover funds.

He later backtracked, admitting that the almost-impossible feat was poorly thought out.

CZ wrote: “While I know it’s technically possible for a rollback in a 51% attack scenario, it never occurred to me that it is also technically possible to change one transaction and keep all other transactions intact, while hugely incentivizing the miners.

“The discussion was already pretty hot on Twitter, so I mentioned it in the AMA [Ask Me Anything] as something that was suggested. Little did I know, it was a taboo topic. Lesson learned.”

Silver linings

Despite the CEO’s backtracking, one element of Binance’s disaster recovery plan that hasn’t changed is the company’s pledge to refund all victims using the Secure Asset Fund for Users (SAFU) – an emergency insurance fund financed through transaction fees.

Moreover, in the face of this massive eight-figure loss, Binance drew no shortage of praise from users, who commended the exchange for being open and transparent about the incident through continual social media updates.

The company’s refreshing attitude towards transparency was dubbed “inspiring” and admirable on Twitter by users, with some arguing that the response should spark new industry standards.

CZ wrote: “We always aim to maintain constant and transparent communication with our community during a crisis. We believe this to be a strong contributing factor to the support we received from the community in return.”

He added: “We hope this will be a new benchmark for how project teams communicate with their users, during both the good times and the tough, and we hope this will help make our industry healthier and stronger.”

As of the time of writing, the crooks have not been caught.

This latest incident wasn’t the first attempt by cybercriminals to pilfer funds from Binance.

In March, the Hong Kong-based exchange offered $250,000 for information leading to the arrest of unknown assailants who attempted to hack into systems.
