Recently, Binance was the victim of an organized and complex security breach, resulting in the access and withdrawal of approximately 7,000 BTC, worth in excess of 40,000,000 USD.
The target of the attack was one of the Binance “hotwallets” which holds approximately 2% of the Binance BTC holdings. Through a complex, and might we add patient, targeting of both technical and social aspects of the Binance platform, organized users were able to maliciously access the funds in question.
This is nothing new within the cryptocurrency industry as we are well aware. With the creation of any currency, be it decentralized or not, comes with it the possibilities of nefarious actions by many individuals and groups across the globe.
One would be remiss if not to note that the security vulnerabilities of an exchange are entirely different from that of a specific token or currency. In this case, the security integrity of Bitcoin (BTC) was not affected, nor targeted. Exchanges are a complex conglomeration of numerous technologies and services that operate within a structure of both traditional networking services, as well as blockchain based development and design. The end goal of blockchain technology is, of course, to meet, as well as exceed, the speed and efficiency of traditional networking services. This, however, has not occurred yet at this time, and is yet to be seen within the evolution of blockchain as a whole.
As directly made mention within Binance’s own statement:
We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info…
A common issue in traditional network security was the “Security by Obscurity” mindset. This has been proven time and time again to simply not work. This concept could be thought of as burying your money under sand in a vast desert. People may not know where this desert or location is, nor even know where to start looking. With that said, you can guarantee that with any possibility of financial incentive, people will pursue, and many times find, these erroneous and simple blunders.
In the case of the recent Binance exploit, that’s not to say this is the case. Binance undoubtedly develops and progresses it’s own security measures.
Suffice to say, it was not enough.
Exchange vulnerabilities have continued a proven track record of being targeted by the possibility of least resistance. Time and time again we’ve seen new, lower volume, or even existing exchanges targeted as these security vulnerabilities have presented themselves.
This points to an ongoing responsibility of all exchanges to ensure that security compliance is rigidly met, tested and increased as necessary.
A breath of fresh air within this continuing news cycle is the ongoing readied and swift response of both CZ and other staff internally at Binance. In the past we’ve seen rather slow, or lack of responses all together to veiled attacks and exploits by various exchange entities. Rather than hide in obscurity, CZ took to social media personally to get ahead of the present issue and address it head on.
Not the best of days, but we will stay transparent. Thank you for your support!https://t.co/Y1CQOatEpi
— CZ Binance 🔶🔶🔶 (@cz_binance) May 7, 2019
In fact, a previously scheduled live AMA with CZ continued, while being utilized to address any and all user concerns that may still be looming.
— Binance (@binance) May 8, 2019
The saving grace in this situation is that Binance as a whole was prepared for this type of event. As detailed in their announcement, user funds would not be affected negatively due to the “SAFU Fund” detailed below.
“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”
Acknowledging the ongoing intricacies of operating a live platform with active, hot wallets, Binance took the lead to ensure that funds were allocated and set aside in “cold” storage that would not be affected in the event of an attack.
This quick and efficient response is not only a turning point within the industry, but also a teaching example for all other exchanges and platforms. Regardless of your project, surround yourself with the most innovative and technical security experts.
Consequently, never accept current security as “sufficient” or “completed”.
Most importantly, plan for and have a plan of action for the worst case scenarios. If you fail to plan, you plan to fail.
Latium Internal Exchange
With our own platform at Latium, we have always identified and recognized the ongoing prominence of exchange features and functions as they pertain to the Latium ecosystem.
In fact, the Latium exchange continues to see ongoing growth and expansion, with continued updates and feature expansions. You can learn more in our recent update announcement here:
Similarly, the Latium project maintains an ongoing diligence towards enhanced security within our own platform and exchange. We realize that those that wish to enact harm within this industry never rest and neither do we. With past events, culminating to the most recent exchange exploit, we will continue to apply these lessons to our own efforts to ensure the most secure, efficient and accessible platform within the cryptocurrency industry.
Rather than let potentially negative events like this divide us, we choose, instead, to collectively work towards the ongoing expansion of both the notoriety and legitimacy of cryptocurrency globally through thoughtful, planned development and expertise.