Binance has vowed to raise the quality of its security in the aftermath of a hack that saw thieves make off with over $40 million in Bitcoin from the exchange.
The company — which is widely believed to operate the world’s largest crypto exchange based on trading volumes — said today that it will “significantly revamp” its security measures, procedures and practices in response. In particular, CEO Changpeng Zhao wrote in a blog post that Binance will make “significant changes to the API, 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident.”
Speaking on a livestream following the disclosure of the hack earlier this week, Zhao said the hackers had been “very patient” and, in addition to targeting high-net-worth Binance users, he suggested that the attack had used both internal and external vectors. That might well mean phishing, and that’s an area where Zhao has pledged to work on “more innovative ways” to combat threats, alongside improved KYC and better user and threat analysis.
“We are working with a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers,” Zhao wrote. He added that other exchanges are helping as best they can to track and freeze the stolen assets.
The real focus must be to look forward, and in that spirit, Binance said it will soon add support for hardware-based two-factor-authentication keys as a method to log in to its site.
That’s probably long overdue and, perhaps to make up for the delay, Zhao said the company plans to give away 1,000 YubiKeys when the feature goes live. That’s a worthy gesture but, unless Binance is giving out a discount code to redeem on the website directly, security purists would likely recommend that users buy their own key to ensure it has not been tampered with.
The final notable update is when Binance will resume withdrawals and deposits, which it froze in the wake of the attack. There’s no definitive word on that yet, with Zhao suggesting that the timeframe is “early next week.”
Oh, and on that proposed Bitcoin blockchain “reorg” — which attracted a mocking reaction from many in the blockchain space — Zhao, who is also known as CZ, said he is sorry.
“It is my strong view that our constant and transparent communication is what sets us apart from the “old way of doing things”, even and especially in tough times,” he wrote defiantly, adding that he doesn’t intend to reduce his activity on Twitter — where he is approaching 350,000 followers.