By: Jai Waterman, Co-Founder and Chief Enterprise Architect
Binance, one of the world’s biggest and most popular crypto exchanges, got hacked for over $40 million - but is it really surprising? Let’s look at the details and consequences:
The assets were all stolen from a handful of hot wallets, a form of storage everybody knows is vulnerable to hackers
Binance maintains a Secure Asset Fund for Users (SAFU) to reimburse investors in situations like this, and it has enough money to pay every investor back in full
The hack itself took a huge amount of effort, involving phishing, viruses, patience and coordination to pull off - not an easy security exploit
In other words, the Binance security set-up helped mitigate the damage of the hacks. But when it comes to the question of “is Binance safe?” the answer may not be as reassuring as Zhao Changpeng would like.
Big exchanges like Binance are basically centralized, one-stop-shops offering services like:
storage (cold and hot)
marketing (to attract more users and add liquidity)
It’s quite a task to run a successful exchange. It’s effectively a centralized service, and significant resources are allocated to support everything it does.
On the other hand, hackers have one job: break into the hot wallet and get away with the money! This means the hacker gets to put 100% of their resources into stealing while the exchange has to juggle many things along with security. This is why exchanges should avoid hot wallets at all costs: choose security over speed and convenience.
In centralizing investor services, the big exchanges have no choice but to split their focus. This makes the wallets they maintain a big, juicy target that’s too hot for hackers to resist.
And more than that, the SAFU is 100% managed and financed by Binance itself by reserving 10% of trading fees. There’s only as much money in the fund as Binance has set aside. Will the fund be enough if this happens again next week, and the week after that? Do the hackers have more cold-hearted plans, and are they just waiting for the hot wallets to get refilled?
Part of the strength of traditional financial markets comes from the multiple players - regulators, exchanges, brokers, and depositories - who make them run. Transactions need to go through layers of oversight and authority, giving investors protection against hackers hoping to mess with their accounts.
At Blockstation, we provide the technology that allows these institutions to list digital assets like bitcoin and Ethereum within their regulated, licensed walls - providing stone-cold storage with multi-sig authority to keep the hackers out. They would have to breach a majority of the market participants to pull off a heist like this, a scenario as unlikely as a 51% attack on bitcoin itself.
And on the off-chance they manage to actually pull it off anyway? With the authority of regulated financial institutions behind us, we’ve been able to arrange full insurance with 100% coverage - no matter how large the theft.
The crypto community has come a long way - and as the recent Bitwise report shows, it is in many ways self-regulating and self-sufficient even without support from traditional institutions.
But there are gaps in that self-regulation and protection - which is where mainstream adoption by regulated institutions comes in, giving the investor community a safe, 100% insured way to enter the crypto market and trade with confidence.
What are your thoughts? Are centralized exchanges like Binance a safe place to store your crypto, or is decentralized security through traditional institutions the way to go?
Sound off on social media using #SecureCrypto and let us know!