Billions at Risk? Binance Says No Withdrawls for 7 Days following the 7000 BTC Hack

On May 7th, Binance, the world’s largest cryptocurrency exchange announced that it had discovered a large security breach.

Hackers were able to gain access to a large number of API keys and 2FA codes and stole 7000 BTC worth around $40 million at the time of this writing. While the exchange has said that its SAFU fund will cover all the losses and no user funds will be affected, Binance has halted withdrawals and deposits for the following 7 days.

2% of Binance’s Total BTC Holdings Gone

Yesterday’s hack saw a total of 2 percent of all of Binance’s BTC holdings vanish into thin air. According to the official release, the event has only impacted the exchange’s BTC hot wallet. This should be somewhat reassuring, given the multitude of the attack and the serious amount of BTC that Binance is holding.

Simple math suggests that Binance currently has around $2 Billion worth of BTC on its accounts. According to BitInfoCharts, at least 188,311 BTC is held in cold wallets, which is worth around $1.1 billion. According to the release, however, these funds are not affected and safe.

Interestingly enough, the 7000 BTC which was stolen from Binance has been transferred through a single transaction. Changpeng Zhao, CEO at Binance, revealed that this transaction has been structured in a way which has managed to circumvent the exchange’s existing security checks and that it was very unfortunate that it couldn’t have been blocked. However, once executed, the transaction has triggered various alarms in Binance’s system and all withdrawals were halted immediately.

Yet, it’s worth noting that Binance has said that there may be additional affected accounts which haven’t yet been identified, which is somewhat worrying.

SAFU Fund to Cover Damages In Full

Perhaps understanding that even Binance is not safe from sophisticated hacking attacks, the cryptocurrency exchange launched its so-called Secure Asset Fund for Users (SAFU) on July 3rd, 2018.

This fund sees 10 percent of all the trading fees received into it in order to offer protection to Binance users in extreme cases, such as this one.

According to Changpeng Zhao, the fund has enough money in it to cover the losses entirely and no outside help will be needed. This came after many industry proponents, including TRON’s Justin Sun, offered to help by depositing BTC in Binance. However, CZ has urged everyone who is willing to donate to do so to the Binance Charity program, instead for covering the losses of this attack.

What’s The Aftermath?

It’s somewhat obvious that $40 million shouldn’t be that big of a burden for the world’s largest cryptocurrency exchange, especially given the fact that it has been allocating 10 percent of its trading fees to the SAFU fund.

However, the cryptocurrency community is somewhat worried that Changpeng Zhao has revealed that their team has been in talks and has considered the possibility of a chain reorganization.

After speaking with various parties, including @JeremyRubin, @_prestwich, @bcmakes, @hasufl, @JihanWu and others, we decided NOT to pursue the re-org approach. Considerations being:
— CZ Binance (@cz_binance) May 8, 2019

A blockchain reorganization is, in short, an event which excludes one or more blocks which were previously part of the blockchain. CZ has revealed a few pros of this scenario, as well as certain disadvantages, including reputational damage for Bitcoin’s network, as well as a potential split in its network and the community.

This is what is seemingly causing serious turmoil among proponents as Bitcoin’s network is typically considered to be the safest one where events of the kind were previously thought of as impossible. The fact that Changpeng Zhao and associated people, including Jihan Wu, have discussed this, could mean that it may actually be possible, which is exactly what people are worried about.

It does seem that this thought alone, as well as the fact that CZ has considered it, has caused more damage to the reputation of Binance compared to the $40M hack itself.

In an attempt to put all of this at ease, CZ said: