Ethereum Berlin Is Here, Next Stop Is London

The Ethereum blockchain implemented the Berlin hard fork at block 12,244,000 this past Thursday (April 15, 2021). This was not the anticipated Optimism Rollout yet, but instead a set of improvement proposals to help the network with gas costs and security.

Berlin was supposed to be implemented in 2020, but as with most Ethereum projects it got pushed back. There were centralization concerns around the Geth client on which most Ethereum nodes operate. An important feature of Berlin is the live swapping of Ethereum from a proof-of-work to a proof-of-stake blockchain.

Other important features of Berlin are optimizations for smart contracts including gas efficiency, updates to EVM code and protection against DDOS attacks.

The upgrade implements the following:

  • EIP-2565, reduces gas cost for a specific transaction type that uses modular exponentiation.
  • EIP-2718, makes all transaction types “backwards compatible” using so-called “envelope transactions,” which allows the addition of new transaction logic into Ethereum.
  • EIP-2929, increases gas costs for “op code” transactions, a pain point for denial of service attacks on Ethereum in the past.
  • EIP-2930, a new transaction type (made possible by EIP-2718’s envelope transactions) which allows its users to create templates for future, complex transactions in a bid to lower gas costs.

The upgrades are in line with the bigger upgrade, called London, that will introduce EIP-1559.

The Double-Spend That Never Was

On Thursday, January 21, 2021, news outlets began circulating reports of a Bitcoin double spend flaw which led to an 11% drop in the price of the digital asset. This would have been a major exposure of a flaw in the blockchain … except it never was. In fact, what happened or reportedly occurred would be a part of how Bitcoin is supposed to work. It is hard to explain the full details unless you get technical, but let us try to explain it in simpler terms.

First, what is a “double spend”? This was the problem Bitcoin’s creator Satoshi Nakamoto was able to solve for digital currency. Prior to that, it was a problem in computerized electronic payment systems that other developers had proposed solutions for. Since computers are digital, when currency is created it can be easily copied just like a file made in Excel or Word. If you have a file that represents your money in a computer, without any means of control a user can create infinite copies and spend it all they want. It is possible to use the same digital money to purchase two different items, so long as there is no system checking for it.

Nakamoto solves the problem by implementing a blockchain to support provenance and verification. That means that the amount of currency like Bitcoin (BTC) that a user holds is determined by a mechanism that is verified through a consensus or agreement. In this case it is called Proof-of-Work (PoW) on the Bitcoin blockchain. You have nodes (computers) called miners that run software which runs algorithms to try and solve a complex puzzle to discover a block for validation. The block contains transactions that are verified based on cryptographic hashes that can be traced back to what is called a genesis block. If it can be verified, then it is added to the blockchain.

Before a block is added, there is a competition among the miners to try and discover a number called the nonce. This is what is needed in order to validate a block. The miner who discovers it first will become the block validator and will receive a reward in return for their effort. The miners also collect fees for helping to validate transactions on the network. No transaction is ever allowed to pass unless it goes through a consensus among the miners on the network. Double-spends are prevented by the miners through this verification and validation process which also includes confirmations.

Bitmex Research first reported the incident in a tweet of a potential double-spend that occurred in the wild. They were the ones who also pointed out that it was a double-spend, but here is the problem. It was unconfirmed and the researcher who discovered it should have probably waited for what is called a chain reorganization, which is a part of the blockchain’s protocol. It is true that a BTC could appear to be spent two times on different transactions. It must undergo a series of confirmations, usually 6 but it could be more (depends on network activity). This was mentioned by Satoshi Nakamoto in the Bitcoin White Paper.

It is possible for two blocks to be mined simultaneously on the blockchain. This creates a temporary anomaly that can be observed by anyone who has access to the mempool of a Bitcoin node. There is a built-in feature in the code that corrects this problem. It is part of a chain reorganization in which the nodes must add the valid block to the longest chain, or the main network. You can see two transactions that appear to have spent the same BTC, but after the chain reorganization and block confirmation it is resolved. Only one of those blocks that contain the transaction will be valid and added to the blockchain. The other block will be orphaned and not validated.
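The reorganization described above can be reproduced with a toy node. This is an added example, not Bitcoin Core code: the block format, the `Node` class, the two-hex-zero difficulty and the transaction labels are all constructed. It assumes every block has the same difficulty, so the longest chain is also the one with the most work, which is what real nodes compare.

```python
import hashlib
from dataclasses import dataclass

TARGET_PREFIX = "00"   # toy difficulty (assumption): hash must start with two hex zeros
NULL_HASH = "0" * 64   # parent of the genesis block


@dataclass(frozen=True)
class Tx:
    txid: str      # constructed label, not a real transaction id
    spends: str    # the coin this transaction consumes


@dataclass(frozen=True)
class Block:
    prev_hash: str
    txs: tuple
    nonce: int
    hash: str


def block_hash(prev_hash, txs, nonce):
    body = ",".join(f"{t.txid}>{t.spends}" for t in txs)
    return hashlib.sha256(f"{prev_hash}|{body}|{nonce}".encode()).hexdigest()


def mine(prev_hash, txs=()):
    """Proof-of-work: try nonces until the block hash meets the target."""
    nonce = 0
    while not block_hash(prev_hash, txs, nonce).startswith(TARGET_PREFIX):
        nonce += 1
    return Block(prev_hash, tuple(txs), nonce, block_hash(prev_hash, txs, nonce))


class Node:
    def __init__(self, genesis):
        self.blocks = {genesis.hash: genesis}
        self.height = {genesis.hash: 0}
        self.tip = genesis.hash

    def chain(self, tip=None):
        """Blocks from genesis up to `tip` (default: the active tip)."""
        out, h = [], tip or self.tip
        while h in self.blocks:
            out.append(self.blocks[h])
            h = self.blocks[h].prev_hash
        return out[::-1]

    def accept(self, block):
        """Validate a block, then apply the longest-chain rule."""
        good = block_hash(block.prev_hash, block.txs, block.nonce)
        if block.hash != good or not good.startswith(TARGET_PREFIX):
            return "rejected: bad proof-of-work"
        if block.prev_hash not in self.blocks:
            return "rejected: unknown parent"
        # A coin may be spent only once along any single branch.
        spent = {t.spends for b in self.chain(block.prev_hash) for t in b.txs}
        for t in block.txs:
            if t.spends in spent:
                return "rejected: double-spend"
            spent.add(t.spends)
        self.blocks[block.hash] = block
        self.height[block.hash] = self.height[block.prev_hash] + 1
        if self.height[block.hash] <= self.height[self.tip]:
            return "stored on side branch"   # the first-seen tip stays active
        old_tip, self.tip = self.tip, block.hash
        return "extended" if block.prev_hash == old_tip else "reorganized"

    def confirmations(self, txid):
        chain = self.chain()
        for i, b in enumerate(chain):
            if any(t.txid == txid for t in b.txs):
                return len(chain) - i
        return 0   # not on the active chain: unconfirmed


def run_scenario():
    genesis = mine(NULL_HASH)
    node = Node(genesis)
    tx_a = Tx("tx_a", spends="coin-1")   # two transactions that
    tx_b = Tx("tx_b", spends="coin-1")   # try to spend the same coin
    block_a = mine(genesis.hash, [tx_a])
    block_b = mine(genesis.hash, [tx_b])   # competing block at the same height
    log = {
        "block_a": node.accept(block_a),
        "block_b": node.accept(block_b),
        # spending coin-1 a second time on block_a's own branch
        "block_a2": node.accept(mine(block_a.hash, [tx_b])),
        # miners extend block_b's branch, which makes it the longest
        "block_b2": node.accept(mine(block_b.hash, [Tx("tx_c", "coin-2")])),
    }
    log["conf_a"] = node.confirmations("tx_a")
    log["conf_b"] = node.confirmations("tx_b")
    return log


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(step, "->", result)
```

After the reorganization `tx_a` is back to zero confirmations, which is why a payment seen in a single block is not yet final.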

Many cryptocurrency and blockchain experts like Andreas Antonopoulos, Bitfinex CTO Paolo Ardoino, Coin Metrics Bitcoin Network Data Analyst Lucas Nuzzi and later, even Bitmex Research all agree that it was not a double-spend that occurred. There are counter points though, especially from among the Bitcoin SV (BSV) camp who do have some thoughts of their own. What we know for sure is that only one of the transactions has been verified and validated on a block. The user tried to use a feature called Replace-By-Fee (RBF) in which you can speed up a transaction by paying a higher transaction fee which invalidates a previous transaction that was sent out. What happened here was the lower fee somehow made it into a valid block first, perhaps because of the timing. The user had waited too long and by the time the higher paying transaction fee was sent the previous one had already been added to a block on the longer chain which validates it first.

Should we be worried that an actual double-spend can occur? It is always good to be alert and aware of what is happening. While the code does what it is supposed to do, there will be bad actors who may try to exploit these types of attacks to see if they can get past the logic. What will be proof or testament to Bitcoin’s legitimacy as a cryptocurrency is how these measures will stand against the test of time. As long as it is working, it will help the network to remain secure and operational. Until the next news, HODL.

Your Funds Are #SAFU With Me, CZ

Binance is one of the largest cryptocurrency exchanges. Bad actors pose threats that can disrupt the operation of digital exchanges, which in turn affects users. When an exchange gets hacked, holders of coins who have left funds on the exchange usually have no way of getting their digital assets back. This is why a form of mitigation to be able to recover funds is becoming important. The Mt. Gox hack wiped out that digital exchange of 850,000 BTC (Bitcoin). To this date there has been no formal settlement with former coin holders.

Binance provides its own security measure to address this problem. It is called the SAFU (Secure Asset Fund for Users). It is an emergency insurance fund announced back on July 3, 2018.

According to Binance:

“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”

The story of SAFU goes back to a time Binance CEO Changpeng “CZ” Zhao tweeted “funds are safe”. It became a regular message from CZ to assure exchange users on their status. Later a content creator named “Bizonacci” uploaded a video called “Funds Are Safu” on YouTube. It went viral and the term “Safu” instead of safe has stuck ever since.

This insurance fund collects a percentage of fees from transactions on the exchange. This would be used in the event of a serious breach that compromised the funds stored by the system. It is also stored in secure hard wallets away from online access to hackers. The fund is released in the event of an emergency only, so it continues to accumulate unless otherwise.

These are good measures to provide customers if you are a digital exchange. However, if you are the customer you might consider not storing your coins or tokens on an exchange because of the risk. Since exchanges do not guarantee the safety of your funds, if anything should happen, like a software glitch or hack, stolen funds cannot be fully reimbursed by exchanges. Depending on jurisdiction, you can only pursue a lawsuit if there is any responsibility on the part of the digital exchange to reimburse you based on the policy agreement. Most of the time there is no obligation by the exchange, so storing funds in their custodial wallet is at your own risk.

The best solution is to have your own SAFU to store your funds. That means a hardware wallet that is offline in your own possession. This also gives you control of your own private key, something that digital exchanges don’t provide. Online wallets (e.g. Exodus, Metamask, MEW, etc.) are also options, but since they are online they are still at risk of being attacked. Whichever wallet a user chooses, what is important is to keep the private key and seed phrase secure.

Avoid Crypto Scams – Not A “How-To”, But Friendly Advice

A coordinated attack against social media platform Twitter (around July 15-16, 2020) led to a hack that targeted popular accounts. These were not just any accounts, but influential public figures. Included in that list were former US president Barack Obama, Microsoft’s Bill Gates and founder of Tesla and SpaceX Elon Musk. What makes this all the more interesting is that hackers used these accounts to solicit cryptocurrency, specifically Bitcoin (BTC). In the scheme, the hackers used the account to mention some feel good words about giving back to the community during the Covid-19 crisis and then requested people to send them BTC with a message of doubling whatever is sent to a given BTC address in the tweet.

These are your typical scams which many in the cryptoverse probably caught. Unfortunately not everybody did. The hackers made off with at least 12 BTC worth $100K+ in the initial stages after the attack was discovered. This sort of attack appears to have affected Twitter’s internal system, since only admin accounts have privileges to modify user accounts. Speculation is that a phishing attack or directed social engineering technique was used to gain access to Twitter’s backend system. This is definitely a cause for concern to everyone who has an account on Twitter because a repeat of this attack could compromise them. Once the hackers gained access to the backend, they targeted the accounts and began tweeting.

People who are caught up in the hype of cryptocurrency like Bitcoin will easily fall prey to scams like this. Noobs (newbies) who recently got in may not have enough education … meaning they don’t know any better what not to do. If someone, anyone, asks you to give them Bitcoin in order to double your holdings don’t be too quick to trust them. It really doesn’t make sense if you think about it. Suppose you give 100 BTC, are you really expecting to get 200 BTC? This is a naive gambling mentality that can affect anyone’s logic if they are not aware of these schemes. Never give other people Bitcoin expecting more in return.

It is not even like investing because the public figure’s account tweets to just give them BTC and you get more in return. The problem with that should be obvious to the common person, but why would other people go along with it? This is why social media has such tremendous power when it comes to influence. The few people who gave their BTC away probably understood what they were doing, which is scary. They did it because they are firm believers of that person. Whether it was through charisma or just blind following, people probably acted subconsciously and just obeyed the tweet like it was an order. Greed is perhaps another motivator since it psychologically makes a person think about how easy it would be to get more crypto. It makes me wonder if the hackers had been more nefarious with the tweet, just think of how many people they could have put in danger or in harm’s path. It was good that it did not end up that way.

Bitcoin addresses are pseudonymous and cannot be directly linked to a person’s identity. That is the blockchain by design, so there would be no way to verify the Bitcoin address really belongs to the public figure. That is probably the biggest reason why not to fall for these scams. We don’t have any way of knowing if the address legitimately belongs to President Obama or Elon Musk. A Bitcoin address is just a hexadecimal string but it doesn’t link to the actual person like the way you can look up a person’s identity by their driver’s license number or social security number. That should have been the red flag that prevents people from giving their BTC.

The Bitcoin address the scammers used which begins with “bc1qxyp….” (I do not reveal the full address here, just a snippet) can be tracked on a blockchain explorer. It doesn’t specifically say the name of the owner of that account. What you can see though are the transactions in the account history, and it indicates the 12 BTC collected.

Note: The full Bitcoin address of the scammer/hacker is not revealed here.

In crypto the only way to really trace the identity of the account holder is if they cash out using a digital exchange. Users who use digital exchanges to convert crypto to fiat must provide KYC documents so that the exchange complies with financial regulations (e.g. AML, Anti-terrorist funding, etc.). This is not revealed to the public, but if there were an investigation the digital exchange can release the personal information if they were required. Accounts created on digital exchanges are also linked to bank accounts which can be traced to a person’s identity. On the blockchain, the real way to prove identity would be with a digital signature using the private key from the user’s digital wallet. This is one way a person who claims to own a Bitcoin address can prove they are the true owner.

The lesson here is that scams are everywhere in our society. It even affects crypto. In fact there have already been 2 popular scams uncovered in the past – Bitconnect and OneCoin. They have not proven any legitimacy and quickly collapsed with their leadership nowhere to be found. These cryptocurrencies promised people ridiculous returns, but many got into them anyway with the help of social influencers. Some of these influencers were so convincing that it led to a bandwagon or network effect of more people putting money in a system that is like a house of wax built on top of the sun. By the time it collapsed (no more money to give people) it was too late for many and they lost the money they put into the coin, perhaps never to be recovered.

To avoid scams ask yourself if the message you are getting is too good to be true. If it is, do more research to verify it. Don’t just give your BTC to anyone and expect more in return. Those things just don’t really happen in the real world. If it does, then there is probably something you have to give back in return but it may not always have a good ending. It is like the car dealer telling you to give them your old car and you get a new car back. You do get your new car but then you end up with a mountain of costs you had not been expecting. It is always the unexpected things beyond our control. This is true with crypto as well, so be very careful next time you hear or see someone say “Hey, give me some BTC today and I’ll double it up for a good cause!”.

Note: This is not financial advice. Please do your own research to verify information.

Lost Bitcoins Were Not Meant To Be Easily Recovered

There have been stories of people losing their digital asset, Bitcoin (BTC), for careless reasons. There is the story of a Welsh man who “accidentally” (we don’t know for sure) threw a hard drive away that contains approximately $80-$100M+ worth of BTC. The price actually will be worth plenty more or even less based on market value. The most common incident involves holders of BTC losing their private key to their digital wallet. Now think of it like losing your apartment key. It is different though because if you don’t have a duplicate you can always go to the apartment manager for a master key to open the door. In Bitcoin, unfortunately, there is no master key that unlocks all digital wallets. Other instances of unrecoverable BTC happen when the holder of a digital wallet dies and no one else has access to it. Unless there is a next of kin to claim the inheritance, it is as good as gone unless the private key can be provided to recover the coins.

You can still recover your BTC even if the private key is lost, provided you took the required measures. You must have the seed phrase generated during wallet creation. The problem is if you don’t have both then your BTC will not be recoverable based on the blockchain’s inherent design. That is because all private keys and wallets are unique, and since the blockchain is decentralized there is no master key or main administrator to support users. Incidents that involve hacking would not be considered lost BTC because the hackers will most likely send the stolen coins to another wallet and then try to lose anyone tracking the BTC by using various digital exchanges. In other words, that BTC would be considered stolen rather than lost, and it could end up back in circulation if it were sold to an exchange. This is why it is important to make backups of both the private key and seed phrase, but store it in a secure location and not just some random cloud drive. Consider using hardware wallets, removable hard drives, thumb drives and other storage devices that can be locked up in a vault (you get the idea).

Is it easy to lose your private key? The answer is yes, when considering the circumstances. If you store your private key on your local hard drive without a backup copy, if that hard drive should fail then it could mean game over. Your savior would be the seed phrase of the digital wallet or what is called the recovery phrase. This is provided to the user during the creation of the digital wallet, when the private key was generated. This contains 12 words in Bitcoin (also called the mnemonic) that must be provided when recovering the private key. Another way a user loses a private key is if it was stored online and never exported to an offline location. If the online service were to fail with no backup system, the private key will be gone as well.

Whatever the story is, lost BTC reduces the supply of the cryptocurrency. According to Chainalysis, an estimated $35,000,000,000 (price is volatile so this is not a fixed value) in Bitcoin (BTC) is likely to never be recovered. This was based on their report that 20% of Bitcoin’s total supply of 21M BTC has not moved for five years or longer. According to the report, that would be 3.72M BTC based on a market valuation of $9,408.60 (as of the market value when the report was published). It is also assumed that 4M BTC in total, including the BTC in the report, may never ever be recovered unless there is a protocol which will allow the lost coins to be released back into circulation. That is not likely unless the Bitcoin community in general comes to a majority consensus. The Bitcoin blockchain does not support releasing lost BTC as of Bitcoin Core 0.20.0 (Released in 6/3/2020). When we deduct the 4M BTC, that means there will be only 17M BTC.

Holding a digital asset like BTC requires plenty of responsibility in return for financial independence. The question then is why would anyone even want to own Bitcoin if it cannot be easily recovered, has no customer support like a bank and no master key to unlock it if the private key is lost? That should make it all the more obvious why it is important to own Bitcoin. Only you can have control of your BTC. The government cannot freeze it and prevent you from storing value on the blockchain. You have freedom from bank policies which regulate finances (e.g. withdrawals, remittances, loans, etc.). The only thing a person must do to have this benefit is to secure their private key and seed phrase. Humans are not perfect and very prone to mistakes, so is it even possible to have a system like this?

We have to go back to the fundamentals of Bitcoin and why it was designed that way. Remember, its founder Satoshi Nakamoto developed a system of direct peer-to-peer payments without relying on a trusted third party. It is also decentralized so that it cannot be manipulated and controlled by a single entity. The way to do this is give full control of money to the users and establish a platform that is permissionless and trustless for exchanging value. The blockchain provides a cryptographically secure platform of trust among strangers who want to transact because it doesn’t require them to know each other or trust an arbiter to exchange value. Instead they use a private key to authorize transactions under their digital signature and verify that they are indeed the holder of the BTC. The reason lost BTC cannot be recovered is because it will require the unique private key that belongs to its owner. If that was lost, the BTC can still be recovered using the seed phrase. Until there is a chance at recovering BTC, users must be responsible for their digital assets. All it requires is keeping a digital wallet with a private key, in a safe and secure manner.

Keep Your Private Key To Yourself

Never ever, and that means EVER, reveal your private key to anyone. That means it is better you take it with you to the grave or lock it up with a will rather than entrust it with a third party or anyone you know. There are plenty of stories of how careless people can get with their private keys. This has led to unrecoverable funds, digital identity theft and hacked digital wallets. If you were to give your private key to someone and they lose it, your only chance of recovery would be the seed phrase generated during the key creation for your digital wallet. If you lost those seed phrases, good luck because chances are there is no other way to recover your private key.

Why is it so hard? This is probably the reason mainstream finance is turned off by cryptocurrency. Digital wallets are mostly not user friendly and there is no technical support to help users recover their funds or private keys. The apps provided for cryptocurrency are open source, and available to the public but there is no one supporting it directly. It is decentralized, so the best resources to contact are members of the community who are knowledgeable about the subject. Unfortunately, not even the top tier engineers and developers of the cryptocurrency can help you recover or generate a new private key unless it is for a new digital wallet.

What many people don’t understand is that private keys were not meant to be recovered. Only one unique private key is created for a digital wallet, and that means there is no master key that can open a backdoor to help anyone recover their funds. That was by design due to the open source and decentralized nature of the blockchain. This sounds like a bank is still the best place to store your wealth because they provide full customer support. Now I am going to explain the difference between a bank and the blockchain, in the context of cryptocurrency and private keys.

Banks are highly centralized and they are pretty much in control of your wealth. No matter how much money you have deposited in a bank, policies still dictate how much you can withdraw, where you can send your money and what you can do with it. If a bank were to go bankrupt, your funds go along with it. Banks won’t voluntarily give you all their money if they are closing. You lose all your wealth in the worst case scenario. In times of financial crisis, banks can also stop withdrawals to prevent bank runs. You are mostly at the mercy of your bank when it comes to money, and they will gladly take what you deposit while giving you permission to withdraw your own money. It doesn’t really make sense, but that has been the mainstream banking system for decades now.

Compare that to cryptocurrency and the blockchain, you have financial independence. You control your own wealth through your private key, which is why it is so important not to lose it or let others access it. A private key is not even a tangible object, it is a digital code consisting of numbers that have been cryptographically generated and stored as a file. From your private key you get a public address which is created from your public key. The public key is derived from the private key to generate the public address. This is like your account number that is allowed to be exposed on the network. Funds deposited or withdrawn are recorded on the blockchain. The private key also authorizes you to send and receive funds using a digital signature. The digital wallet is basically where you store the private key. To keep the private key safe, store the file away from your computer or online drive. The best recommendation from experts is to use a hardware wallet, which is an offline device that secures private keys. That would prevent hackers from accessing it online since the only way to access it is from the device.

The lesson here is that if you want financial independence and control of your own wealth, it requires plenty of responsibility. That includes managing your private key by keeping it in a safe storage location like a hardware wallet. Make a backup, but store it wisely and not somewhere it can be accessed publicly (e.g. file sharing site). You can copy it to a thumb drive to be stored in a vault or a secure enclave in a smartphone if supported. There will be more robust solutions for key recovery systems for digital wallets, but until that time comes, users should always be alert regarding their private key. If anyone asks for your private key so they can send you funds, ignore that request. There is never any reason to reveal your private key to anyone. It is not like a driver’s license number or SS number which you do need to provide sometimes. A private key should only be known by its holder and never shared or revealed to anyone. You have the right to protect your privacy and it is secured through cryptography on a blockchain.

How 2FA Can Secure Your Cryptocurrency Assets

In the Crypto-economy, we need to implement security to safeguard our digital assets. Wallets are primarily just an interface to access the blockchain where the assets are stored. The wallet just provides the balance to the user, as well as allow users to send and receive tokens. It does not actually store the cryptocurrency. Instead, the wallet stores the private key which is what proves the user’s ownership of the assets. This must definitely be kept secured because if someone else were to gain access to the private key they can take ownership of your assets. This is why wallets, whether online or offline, use various authentication schemes.

Passwords are the most common way to access a wallet. The problem with this is that once a password is guessed or cracked, there is no other layer of security. This is why users are recommended to store their private key in hardware wallets e.g. Ledger Nano or Trezor. This stores the private key offline so only the user will have physical access. It cannot be hacked from the Internet or anywhere else since the hardware wallet uses cold offline storage. For everybody else, how can security be increased or improved?

A solution to this is called MFA or Multi-Factor Authentication. MFA uses multiple types of authentication to verify a user. In MFA you can use 3 methods to secure your authentication.

  1. What You Know – This involves the password, the most common form of authentication. Only the user should know this. The problem here is password sharing among users. Some family members openly share their password and that can lead others to learn this through eavesdropping and more nefarious ways like password cracking.
  2. What You Own – Most users have a smartphone, and this can be included for verification. In this method an app is installed on the smartphone that generates a code that syncs with a server over the network. It will only work from this smartphone and not any other device.
  3. Who You Are – Your biometric information, like fingerprints, retina scan or face can be used to further confirm your identity for verification. This is something that physically verifies who you are. This is actually a very effective method that Apple uses for authentication on iPhones using Face ID. The possibility of 2 or more people having the same exact biometric traits is zero to extremely rare.

2FA or Two-Factor Authentication is one of the most common implementations of MFA using just 2 of the 3 methods mentioned. In the cryptocurrency world, digital exchanges implement 2FA to gain access to your cryptocurrency portfolio. Coinbase, Binance and Blockchain.Info require 2FA as a stronger authentication method compared to a simple password. 2FA can be enabled on many apps. Just check to make sure that the app login you are using allows 2FA support. If it is available, enable it to give you more security.

One example of using 2FA is when you log in to your Binance account. Binance uses a combination of password and security codes. You create your password during the account creation process. With 2FA enabled, you now need to add a security code to further authenticate your access to your account. By installing Google Authenticator, you can add this additional security layer. With Google Authenticator, you scan the QR code from Binance when enabling 2FA. Once that code is scanned, Google Authenticator creates a profile for you. The next time you log in to Binance, you will now need to check the Google Authenticator app which is installed on your smartphone. Binance will request the code in order to continue your login.

2FA and other MFA implementations help to increase security, which allows you to better protect your cryptocurrency assets. Even if a hacker is able to intercept your password, if they don’t have what you own (e.g. smartphone) or what you are (e.g. face or fingerprint), they will be denied from the system.

The Bitcoin Binance Hack And The Lessons Learned

At the time of this writing it is the start of blockchain week in New York City. One of the hot topics that will be discussed has to do with the most recent Binance hack that led to $40.7 Million of stolen Bitcoin (worth 7,000 BTC at the time of the incident). This is actually not the first time Binance has been hacked; they have a track record. Despite their concern for cybersecurity, it seems their system is not really that secure. This is not to say that Binance does not take cybersecurity seriously, because they do. They implement a 2FA type of authentication which requires using either an authenticator that generates a random code or the code is sent via an SMS text message to a smartphone. It is pretty secure after the fact, yet it was foiled time and time again. At this point the best that Binance can do is to track the stolen BTC and get the cooperation of other digital exchanges to freeze the funds. We actually know which address moved the coins (The transaction was traced from this link).

Fortunately, Binance has what it calls a SAFU (Secure Asset Fund for Users) which is a way of providing an insurance to users on the exchange in case of emergency. Changpeng Zhao or CZ, Binance CEO, has guaranteed that those who lost Bitcoin from the hack will be compensated for their losses. That is good to know, but will this be the end of these types of hacks? It has already happened before, so there is likelihood that it can happen again. That is unless Binance will add new security measures that tighten their systems even more. Then that gives hackers a new problem to deal with.

Now here is what is concerning. In an official statement made by Binance regarding the hack:

“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.”

The fact that it “passed our existing security checks” is a cause for concern, and it is what they are working to improve. According to this Coindesk article, Binance is going to do a revamp of their security system. They will certainly look into improving their API for 2FA as well as their withdrawal validation process. If a hacker can easily hack a user’s API key or 2FA credentials, you don’t really have a secure system. It was probably not an easy feat for the hackers, so now Binance should make it even more difficult to decrease the likelihood of any successful breach.

Phishing attacks are one of the exploits hackers use to get information from users. Once they trick a user into giving them that information, the hackers then use it to access the exchange. That is really all it takes to get past Binance’s security check. Binance implements withdrawal limits for unverified users, but for those who are verified, the hacker can wipe out their entire balance on the exchange.

Other ways a Binance user account can be compromised include spyware, keyloggers or remote viewing software like VNC. Having antivirus and cybersecurity software installed on a computer can help detect this malware. Another way to foil these attacks is to not keep funds stored on an exchange. Using cold storage (not connected to the Internet) on a hardware wallet provides more security. In fact, some smartphones like the HTC Exodus and Samsung Galaxy S10 provide hardware wallet support for cryptocurrency now. For the strictest security, keep your digital assets safe in cold storage and not on hot wallets or custodial services like digital exchanges.

According to CZ:

“We are working with a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers.”

That’s right. Binance is definitely going to need more help in cybersecurity to fix this problem. Remember, it is not the blockchain that got hacked, it is Binance’s system. Binance also announced support for hardware devices with 2FA, a more secure way to connect to Binance. A system like that would require hackers to have possession of the actual hardware device. Think of this as a sort of physical key that only gives access to the user who owns it.

The risk of a more digital world is computer hacking. Binance has been successfully hacked in the past. A user lost 2 BTC when a hacker used the credentials from their hacked e-mail address. Another hack occurred in July 2018, which was a “potential” hack that led to the theft of $45 Million of Syscoin and dumping of BTC. It was not Binance’s direct fault, but more that of the Syscoin wallet. Regardless, it was a system anomaly that Binance admins detected. Binance immediately shut down and then reset their API keys. That’s exactly what they did with the most recent hack. It seems that the answer to the problem is just shutting down and resetting everything. However, that apparently does not solve the problem.

Due to this large loss of BTC, someone from the BTC development community reached out to CZ. A suggestion was made to reorg the BTC blockchain and give back the stolen funds to their respective owners. The reaction to this was not good at all and thankfully, CZ decided not to do this. That would require Binance to use a “51% attack” to gain majority hashing power on the Bitcoin network to overturn transactions. The problem with this is an ethical one, because it would require Binance to get a consensus among miners and nodes on the network to support this plan. It goes against the main ideology of the blockchain, which is about decentralization and immutability. When you get a collusion of miners to provide Binance with majority hashing power, it centralizes the network to benefit one organization. This may also lead to inconsistencies on the blockchain if several bad actors try to mine on their own chain to gain control of the network. The idea that a consortium of miners with hashing power can overturn a transaction goes against immutability on the blockchain. It would be a terrible idea to do this.

The result of a reorg may lead to more factions in the Bitcoin community. There might even be a fork and this is not going to be good for the price of BTC as a store of value. It may even ruin the market leading to turmoil and massive sell offs as users collect their money. There needs to be a clear direction for BTC and a reorg is probably not in everyone’s best interest since it really only benefits Binance and the hacked accounts. This is not a consensus of the network’s interests.

The good thing is that the hack did not affect BTC prices. FUD didn’t lead to any massive dump or sell off, proving that there is confidence in the market. Taking care of the real problem, which is cybersecurity, is what needs to be addressed. Binance vows to increase their security, which is the most important feature right now for any digital exchange. Users need their funds to be safe from hackers, so this is going to be the responsibility of digital exchanges.