Changpeng Zhao (CZ), the founder of Binance, the world’s largest cryptocurrency exchange, has discussed the recent wave of hacks targeting major crypto platforms. In a detailed explanation, CZ highlighted significant vulnerabilities and provided insights into security practices for both exchanges and users.
CZ observed a concerning pattern in recent attacks on multiple exchanges, including ByBit, Phemex, and WazirX. According to CZ, hackers were able to steal substantial amounts of cryptocurrency from multi-signature (multi-sig) cold storage solutions.
In the case of ByBit, the hackers manipulated the front-end interface to display legitimate transactions while actually signing a different transaction. While CZ admitted being less familiar with the details of the other incidents, he noted that the available information suggested similar attack patterns.
What is even more worrying, according to CZ, is that these exchanges use different multi-sig solution providers, indicating that the attacks were not limited to a single vulnerability. The responsible hacking group, known as the infamous Lazarus Group, is recognized for its advanced cyber capabilities. It remains uncertain whether the breaches were caused by compromised signing devices, server-side infiltrations, or both.
In light of these concerns, CZ reiterated the long-standing security principles of Binance. It defended its recommendation to halt all withdrawals after a security breach as a standard precautionary measure. Despite facing criticism for this approach, Binance argued that suspending withdrawals allows for a thorough investigation of the breach, an understanding of the attack vectors, and the assurance that all systems are secure before resuming operations.
CZ referred to Binance’s own experience in 2019 when it suffered a $40 million hack. Binance suspended withdrawals for a week, and contrary to fears, there were more deposits than withdrawals when services resumed. However, CZ clarified that each situation is unique, and the decision to halt operations should be based on the available information.
CZ praised ByBit CEO Ben Zhou for his transparency and composure in handling the security breach. He contrasted Zhou’s approach with what he described as the “less transparent” handling of issues by other crypto exchange leaders, such as WazirX and the now-defunct FTX. While CZ refrained from commenting on WazirX due to ongoing legal proceedings, he firmly categorized FTX’s collapse as a case of fraud rather than a security failure.
*This is not investment advice.
