Last night Changpeng Zhao, CEO of Binance – also known as CZ – started a series of tweets that set the Bitcoin community and its users on fire. Rightly so.
Starting with only warnings about maintenance halting deposits and withdrawals on the exchange, he went on to admit there had been a security breach in their system and that “hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info.”
The worst nightmare for anyone trading or keeping their money on exchanges.
The hackers were able to withdraw 7000 BTC in a single transaction. It impacted Binance’s BTC hot wallet only (which contained about 2% of total BTC holdings), while all other wallets were declared secure and unharmed.
What’s a hot wallet?
A hot wallet is connected to the internet and is therefore more susceptible to attacks from hackers, as opposed to cold storage wallets, which are kept offline and are safer as a result.
Binance announced they will use the SAFU (Secure Asset Fund for Users) funds to cover for the incident fully, reassuring users that their funds will not be affected.
With such reassurance, no worries for the people that store their money on the world’s biggest exchange then. However, what does this mean for the crypto community and Bitcoin especially?
First let’s be clear on something: the Bitcoin blockchain is the most secure, unhackable and immutable of all the existing blockchains, mainly because of the size of its network and the enormous amount of computational work that goes into maintaining the blockchain.
At some point, during a live AMA session on Twitter, CZ stated that they could do a reorg of the Bitcoin blockchain with a full rollback to revert the transaction through which the funds were stolen. This comment sparked anger and disbelief in the Bitcoin community that immediately bombarded the social platform with requests not to do it as it would damage the reputation of Bitcoin forever.
What is blockchain reorganization?
In simple terms, the reorganization of the Bitcoin (or any) blockchain means going back to the “betrayed” or hacked or affected block where the stolen money transaction was included, unverifying that transaction to get the money back, and reorganizing all of the blocks that have followed since then. This would require an enormous amount of computational power (and funds), and this is the main reason it has not yet happened to the largest blockchain network in existence.
CZ stating they will do a reorg is simply erroneous. The 42-year-old Chinese-Canadian business executive admitted that the “reorg is an idea that came from the community” and he “actually did not know that they could do that.”
The implications would be enormous and frankly near impossible to accomplish. Let’s see why:
1. The cost of such an operation would not be worth it for Binance, as the money eventually recovered via the reorg, rolling back the blockchain, would go to miners anyway.
2. There are significant risks for the miners agreeing to do this, as any miner that betrays the agreement significantly raises the risk of wasting hash power that could be productively put to mining the longer chain (Jimmy Song, Bitcoin developer).
3. The longer Binance takes to make a decision, the more costly the operation will be: a block is produced on average every 10 minutes, at a cost of 12.5 BTC each. That’s 144 blocks in total per day on top of those that have already been produced since the Binance hack, and at currently $5500 per BTC, you can do the math yourself. Still according to Jimmy Song, coordinating the whole process with the mining pools won’t be easy and would likely take more than a day (or 144 blocks).
4. Last but not least, the result for Bitcoin would be devastating in terms of reputation. The blockchain’s immutability would be compromised, and so would its decentralization, if an exchange can take such a decision and affect the network to this extent.
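The cost argument in points 1 to 3 can be worked through as an added example (not from the original article or from Jimmy Song). It uses the simplified block race from the Bitcoin whitepaper, ignoring fees and difficulty changes; the function names, hash-share values and give-up threshold are constructed for illustration, while the 12.5 BTC reward and $5500 price are the article's figures.

```python
import random

BLOCK_REWARD_BTC = 12.5  # block subsidy quoted in the article
BTC_USD = 5500           # BTC price quoted in the article

def reorg_success_probability(q, blocks_to_orphan):
    """Chance that miners with hash share q ever build a fork longer than the
    public chain when they start blocks_to_orphan behind (gambler's ruin)."""
    if not 0 < q < 1 or blocks_to_orphan < 1:
        raise ValueError("need 0 < q < 1 and at least one block to orphan")
    p = 1 - q
    # The fork must gain blocks_to_orphan + 1 net blocks to overtake, not just tie.
    return 1.0 if q >= p else (q / p) ** (blocks_to_orphan + 1)

def simulate_reorgs(q, blocks_to_orphan, trials, give_up_after=25, seed=1):
    """Monte Carlo of the same race. The coalition abandons its fork once it
    trails by give_up_after more blocks than at the start (assumed threshold).
    Returns (success rate, mean blocks mined on forks that were abandoned)."""
    rng = random.Random(seed)
    wins, wasted = 0, 0
    for _ in range(trials):
        deficit, mined = blocks_to_orphan, 0
        while 0 <= deficit < blocks_to_orphan + give_up_after:
            if rng.random() < q:   # coalition finds the next block
                deficit -= 1
                mined += 1
            else:                  # rest of the network extends the public chain
                deficit += 1
        if deficit < 0:
            wins += 1
        else:
            wasted += mined        # these blocks earn nothing on the losing fork
    failures = trials - wins
    return wins / trials, (wasted / failures if failures else 0.0)

def forgone_reward_usd(blocks):
    """Block subsidy lost when `blocks` blocks end up on an abandoned fork."""
    return blocks * BLOCK_REWARD_BTC * BTC_USD

if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45):  # constructed hash shares for the rollback coalition
        rate, wasted = simulate_reorgs(q, blocks_to_orphan=6, trials=20000)
        print(q, reorg_success_probability(q, 6), rate, round(wasted, 1),
              forgone_reward_usd(wasted))
```

Anything short of a majority of hash power makes success less likely with every block added since the theft, and each block mined on the abandoned fork is a reward the participating miners give up.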
In the last hour, Binance has announced that after speaking with parties they will not be taking such an approach as they realized the potential damage would have been much worse than the outcome.
They will still cover the money lost by users, and the lessons learned by everyone include:
- Keep your money safe out of exchanges if you’re not trading. The Binance hack is just one of many. We recommend using hardware wallets such as Ledger for a significant amount of funds. #YourKeysYourMoney.
- The CEO has already announced that upgrades/improvements will be made to their system to prevent this specific type of attack in the future. This is how security improves.
- Binance is hurt but not broke.