On Friday (May 10), Binance Co-Founder and CEO, Changpeng Zhao (aka “CZ”), talked about some important changes for improving security that are currently being made at the crypto exchange following the major security breach on Tuesday (May 7) that resulted in a loss of over 7,000 BTC from its Bitcoin hot wallet.
At 08:00 UTC on Friday, CZ provided the following “security incident update”:
- CZ wants to be as honest and transparent as possible with all Binance users (“Binancians”), but he needs to be careful too since hackers are reading/watching everything posted by Binance and its CEO.
- The Binance team is working hard to significantly improve “security measures, procedures, and practices”; some of these changes will be made during the one-week window in which deposits and withdrawals are suspended, and the team will try to implement the others as soon as possible afterwards.
- In particular, the team is “making significant changes to the API, 2FA, and withdrawal validation areas”.
- Other areas marked for improvement are “risk management, user behavior analysis, and KYC procedures”, as well as detection of phishing attacks.
- Binance is adding support for two-factor authentication (2FA) devices such as YubiKey; as a way of promoting this new feature, they will give away 1,000 YubiKey devices.
- As Binance previously stated in the original blog post regarding the security breach and in CZ's AMA session, funds were only stolen from Binance’s Bitcoin hot wallet, and no other hot/cold wallets were affected.
- Binance is working with around a dozen top security experts to improve the security of its platform and to try to catch the hackers.
- Binance is working with several security and blockchain analytics firms to try to track down the stolen bitcoin, as well as working with many crypto exchanges and other financial service providers to “freeze the stolen funds.”
- The team is in a “fighting mode” and is determined to make Binance “far stronger and more secure in the long run.”
- CZ will continue to communicate frequently with the crypto community via Twitter, even though he realizes that he sometimes might say the wrong things (like using “dirty words” such as “reorg”), for which he apologizes.
- CZ concludes by saying that his team is hoping to be able to re-enable deposits and withdrawals by “early next week.”