At this point in 2019, there are many signs that the crypto markets are starting to mature. However, there is one issue that continues to plague the industry – exchange hacks. Crypto intelligence firm Ciphertrace estimates that $356 million was stolen from exchanges in the first quarter of 2019 alone.
The recent breach of Binance, where hackers made off with 7,000 BTC, stands out for a couple of reasons. Firstly, this was the only instance where hackers managed to breach this particular exchange. Before this, the world’s biggest exchange was renowned for having remained secure against thieves ever since it started trading in 2017.
Secondly, aside from a short closure, Binance was able to refund its users, re-open its doors and continue on almost as if nothing had happened. This is thanks to the exchange’s policy of having its own insurance fund, which it calls Secure Asset Fund for Users, or SAFU, in place to protect against losses in the event of a hack.
What Happened with the Binance Hack?
On May 7, CEO Changpeng Zhao [CZ] announced via his Twitter account that the exchange was undergoing unscheduled server maintenance. A few hours later, it was confirmed that the exchange had been breached. API keys and 2-factor authentication [2FA] codes were stolen through a combination of phishing and viral attacks. Hackers had swiped around $40m worth of BTC, amounting to 2% of the total exchange holdings.
The same day that the attack took place, CZ published a post on the company blog to explain the breach and the steps that the company intended to take. The blog post stated that the company would be conducting a thorough security review which would take around a week. The exchange had suspended all deposits and withdrawals, although trading could continue. Most critically for users, the blog post confirmed that the SAFU would cover the losses for all affected users.
Binance continued to post openly about the progress of these matters over the next few days. CZ also plowed ahead with a scheduled AMA on Twitter despite that he knew it would be challenging.
Overall, the way that the company handled a potentially very damaging incident turned it around completely.
The existence of the SAFU fund already provided a safety net to users, but by itself, an insurance fund doesn’t create trust. It’s the culture of transparency and the way that the company maintained open channels of communication with the crypto community that helped it quickly bounce back from the hack.
Lessons to be Learned
For the broader crypto community, there are some critical takeaways from this incident. This is particularly apparent when we contrast the Binance approach with the handling of other exchange incidents that have happened this year, such as QuadrigaCX or Cryptopia.
In both cases, the teams behind these exchanges quickly slid into obscurity. Now, the only communication with affected users comes from the various accounting and liquidation firms handling the fallout.
Firstly, when we all know that exchange hacks are all too common, all centralized exchanges should maintain a healthy backup fund to cover losses. Pretty much all exchanges take trading fees from their users. Therefore, there is no reason all these funds should be directed into profits-or even profit sharing-when users stand to lose out if the exchange is breached.
Secondly, the open and transparent communication style should become the norm and not the exception. Users place trust in exchanges to handle their funds. CZ and Binance have set the bar for how to demonstrate to users that this trust isn’t misplaced.
The lack of progress in both of these areas is central to why the crypto sector still hasn’t shaken off its “wild west” image. The industry has made significant developments in reducing the incidences of scam ICOs, working with regulators, and attracting institutional investment. With exchanges playing such a prominent role in the space, it’s time for them to step up too.
Perhaps it’s time for the crypto community to start demonstrating its power and demand that centralized exchanges protect users from losses. There’s a reason why Binance is the biggest, and users will vote with their feet if they know where their money and their trust is best placed.
