The CEO of Binance, Changpeng Zhao (CZ), has described his reaction following the hack of Binance earlier this month. He starts off bluntly, saying:
“I am not gonna deny it. My first reaction was: “F***!”, the second and third reactions were also the same. A few moments after that, I began to come to terms with it, “Well that sucks! What do we do now? Lots of people are waiting for me, some for instructions, some for information and some for reassurance. Lots to do, let’s just get on with it.”
When I checked in with the team, they were already a couple of steps ahead of me, implementing additional security measures to further ring-fence our systems and discussing all available options. The entire team was online.”
CZ spoke on the thought process behind his much-maligned and abandoned “reorg” idea, which would have involved attempting to incentivise around 51 percent of the miners that power the Bitcoin network to essentially reverse and reorganise the recent BTC transactions, including those from the massive Binance hack.
Following the security breach, Zhao scheduled an ask-me-anything session with the community:
“Before the AMA, I had been up all night and I was really feeling the effects. So, I took a 15-minute nap just before the AMA. Upon waking up, my team told me there was an interesting proposal from a Bitcoin Core developer. I read it for a few seconds. It involved something called a “reorg”. While I know it’s technically possible for a rollback in a 51% attack scenario, it never occurred to me that it is also technically possible to change one transaction and keep all other transactions intact, while hugely incentivizing the miners. The discussion was already pretty hot on Twitter, so I mentioned it in the AMA as something that was suggested. Little did I know, it was a taboo topic. Lesson learned.”
The idea was quickly ditched, however, and CZ said that it just wasn’t possible. CZ notes that the hackers gained control of several user accounts and made large withdrawal requests that bypassed Binance’s pre-withdrawal risk management checks.
“Our post-withdrawal risk monitoring system caught it immediately and suspended all subsequent withdrawals. While things are crystal clear in hindsight, at that moment, we weren’t 100% sure what exactly happened. Was it an actual user action? A glitch in the system? Or maybe a hack? As we were still evaluating the situation at the time, we decided to proceed with caution.”