Binance And Others Must Learn From Hack, Make Their Systems More Resilient
Last week's hack of Binance, the biggest crypto exchange platform in the world, in which hackers stole 7000 BTC ($40 million), has raised eyebrows and increased fears that no platform is safe from such attacks.
Moving forward, the hack is an opportunity for the blockchain community to reinforce its efforts against breaches of that nature. Exchanges have been hacked too frequently, and that will deter some newcomers from entering the crypto space.
QBITtimes spoke to Suyash Kumar Sumaroo, Director of Codevigor Ltd and one of the Lead Devs of Horizon Africa, a Mauritius-based blockchain platform, about his diagnosis of the security breach. This was his take on the incident:
“I think that this hack follows a long line of hacks that have happened in the past. It is essential to point out that these hacks are not attacks on a particular blockchain but instead on a specific internal system of a company, which in this case is Binance. This kind of attack is almost always a combination of smart hacking skills and bad security.”
But Sumaroo countered that Binance’s security is not entirely bad, since only part of its extensive existing system was affected: its hot wallets, which are constantly prone to various kinds of attacks because they are always accessible.
“However, the other parts of the platform have remained unaffected,” Sumaroo pointed out. “The industry as a whole has learned from previous hacks, and I believe that Binance is no exception.” Sumaroo believes that companies such as Binance will learn from this and make their systems more resilient and secure.
Are Other Exchanges Safe?
The director of CodeVigor expressed concern that if the world’s most prominent exchange has been hacked, other exchanges, especially smaller ones, might also be at risk. “I don’t think it depends on the size of an exchange. Exchanges like Binance are based on large systems which open a host of ways and avenues for different hacks to occur, and it is particularly difficult to have a completely secure system,” he remarked.
Sumaroo said that all existing businesses are at risk, including the ones outside the crypto world. Smaller exchanges might be less prone to attacks because of the trading volume, but at the same time, they may be the target of very specialised attacks.
He further asserted that exchanges, irrespective of their size, may become a target of hacks in the future, simply because they deal in cryptocurrency transactions.
Binance’s Reorg Proposal
Binance’s CEO Changpeng Zhao initially announced a rollback of the transactions involved in the hack but later backed down and apologized. On that, Sumaroo maintained that the proposal is divisive, but also vital and necessary to the Bitcoin discussion.
“It is imperative to understand that a reorg is essentially rewriting some of a blockchain’s transactions to erase something that happened. This violates one of the fundamental principles of a blockchain, that valid confirmed transactions are immutable and cannot be rolled back,” he explained.
He added that, in terms of technical capability, a reorg can be achieved by a majority of miners, but that it would come at a considerable cost to everyone in spent mining resources. It is, furthermore, an especially dangerous idea to float, but more importantly, the chance of it ever happening was slim.
Sadly, there have been numerous security breaches in the history of the cryptosphere, but it still appears that the community has not learned any lessons about how to prevent such occurrences. The Mauritius-based blockchain developer insists there are not enough details on how the hack was carried out and, as a result, it is tough to point to a specific measure or set of criteria that would prevent such attacks.
“I doubt that Binance will release any technical details about how the hack was carried out unless it has something to do with the internal workings of the Bitcoin blockchain. What we can learn in general is that securing hot wallets is tough. People should also understand that exchanges act as a custodian of their cryptocurrencies and to take action to ensure that their funds are secure, they should individually understand how blockchain and hot and cold wallets work and keep most of their funds in their wallets. With this knowledge, they will be able to ensure the security of their funds better.”
Sumaroo, however, praised Binance for assuring all of its users that any funds lost in the hack would be fully refunded.
Some suggested blacklisting the affected addresses so that the hackers won’t be able to offload the BTC on other exchanges, which would discourage others from hacking them, but Sumaroo said it wouldn’t fly. “The reason behind it is that the funds can change addresses very quickly, and although it is possible to track all these changes, it will become increasingly clumsy the more this database grows in size.”
Sumaroo argued that decentralization will become a crucial topic when deciding who is going to manage and administer this database, which will effectively be a central authority. “This will open the door to censorship in the Bitcoin blockchain. However, nothing stops exchanges from setting up a system like this and collectively following the same protocol,” he concluded.
Exchanges and the crypto community should step up efforts to educate users of exchange platforms about storing their funds in their personal wallets instead of on exchanges. However, will the hacking of exchanges in the space ever end?