After a $40 million loss, Binance’s CEO wants crypto exchanges to team up to fight thieves.
In an update on the $40 million-plus theft of 7,000 Bitcoin on May 7, Binance CEO Changpeng “CZ” Zhao suggested that the cryptocurrency exchange industry may create a more formal alliance to fight thefts and try to prevent thieves from getting away with their ill-gotten gains.
Binance has halted deposits and withdrawals as it works to, “significantly revamp some of [its] security measures, procedures, and practice,” Zhao said in a blog post on May 10.
Noting that Binance is receiving cooperation from many exchanges to watch for and freeze the stolen Bitcoin, Zhao said it is, “already is sort of an alliance,” and suggested that this latest multimillion-dollar industry theft will get exchanges to more formally cooperate to prevent losses.
“We have some ideas to contribute more on this front after we get over this incident,” he said. “I believe this incident, while damaging us now, will actually make us far stronger and more secure in the long run.”
Zhao added that he expects deposits and withdrawals to begin early next week, but cautioned that that timeline was tentative.
As far as its own security is concerned, Binance is going to make substantial changes to the two-factor authentication procedures it uses, he said. That is the door the thieves took to raid dozens of accounts.
In practice, this likely means making the tradeoff of convenience for security weigh a little more heavily on the security side. Along with, “significant changes to the API, 2FA, and withdrawal validation areas,” the company is adding hardware validation devices such as Yubico’s YubiKey, which is essentially a non-writable USB drive that functions as an authenticator.
Other areas due for an overhaul include risk management, user behavior analysis, and know your customer (KYC) procedures, as well as more aggressively fighting phishing.
There are other security upgrades planned, but the company will not disclose them as, Zhao points out, “hackers are reading every word we post and watching every AMA we host.”
Calling the company’s mindset as in “fighting mad,” Zhao said that Binance is working about a dozen security companies to improve its systems and to track the funds.
He also apologized for suggesting a Bitcoin reorganization to reverse the theft in a Twitter AMA on May 8, noting “[g]iven how much I talk, I sometimes say the wrong stuff, dirty words like ‘reorg’, for which I apologize.” That comment raised a storm of opposition before he quickly backed off, noting he had been awake for nearly 30 hours when he made it.