Binance, one of the largest cryptocurrency exchanges, was hacked this week. More than $40 million worth of Bitcoin was stolen from its hot wallet. Fortunately, the exchange plans on covering all of the losses by dipping into its Secure Asset Fund for Users (SAFU). Changpeng Zhao, the chief executive at Binance, states that user funds will in no way be affected. Withdrawals are currently suspended on the platform until the investigation is complete; trading is still supported at this point in time.
This hack pales in comparison to some of the larger heists that took place over the past decade. Mt. Gox was hacked for 750,000 BTC in 2011. Today, that would be worth $4.4 billion USD. Bitfloor was hacked in 2012 for 24,000 BTC. Today, that would be valued at $142 million USD.
It was reported that API keys, two-factor codes and other information were stolen during the attack. Zhao encouraged everyone to change their API keys and two-factor authentication codes.
The most interesting part of this story is that Binance considered rolling back the Bitcoin network. Zhao went on record saying:
“[On] the other topic of ‘do we want to issue a rollback on the Bitcoin network’… Because right now, the 7,000 BTC is far higher than if we distribute that to miners. It would be far higher than what they got paid for the last few blocks. To be honest, we can actually do this probably within the next few days. But there are concerns if we do a rollback on Bitcoin network at that scale. It may have some negative consequences in terms of destroying credibility for Bitcoin. So, again, the team is still deciding that, and we’re running through the numbers and checking everything.”
Later today, Zhao tweeted that they were not going to move forward with this plan. Vitalik Buterin, the co-founder of Ethereum, responded to Zhao’s tweet with “Wait what”. Whether or not rolling back the Bitcoin chain is actually possible is still being debated.
Landon Manning described the rollback process as follows:
“Such a rollback scheme would be an incredibly ambitious undertaking. The most feasible plan would entail Binance sending its own 7,000 BTC transaction from the hacked address to another one that it owns with a hefty fee. With a substantial enough fee, miners would be incentivized to let Binance spend the 7,000 BTC it does have, reorganizing the blockchain’s transaction history to include this transaction in the ledger (miners would need a large fee to justify nullifying the block rewards they received since the hack). In this double-spend scenario, miners would forge an alternate chain, though this chain split would resolve itself once the chain became longer than the old one and all nodes accepted it.”
The 7,000 Bitcoins that were stolen were roughly 2% of the company’s entire BTC holdings. An expensive lesson, but one that could’ve been much worse. Like most financial institutions, if they haven’t been hacked, it’s only a matter of time until they are. What matters is whether users’ funds were affected and whether the company handled and responded to the event appropriately.