(CZ), CEO of major , has updated reporters on the exchange’s security revamp and investigation into this week’s $40 million hack in a security incident update shared with Cointelegraph on May 10.
The CEO also apologized for having fuelled community concerns by openly discussing the possibility of incentivizing a re-organization — or transaction rollback — as a possible response to the attack.
As , suffered a major and premeditated hack on May 7, which reportedly resulted in the theft of around 7,070 () — worth over $40 million at the time — from the exchange’s hot in a transaction that went undetected by the firm’s security systems.
The attack was reported to have been conducted by tactics that included phishing and viruses to obtain a large number of 2FA codes and API keys. In his security update, CZ said he was restricted in sharing too many details of the exchange’s response to the incident, noting that:
“Hackers are reading every word we post and watching every AMA we host. Sharing too many security details actually weakens our security response strategy.”
Nonetheless, the CEO did disclose that the exchange team was ostensibly making progress in significantly revamping its security measures, procedures and practices. He anticipates that some of the changes will be implemented within this very week, and that a great deal more changes will follow going forward.
Of particular focus, CZ noted changes to the areas exploited by the perpetrators of the theft — namely ’s API, 2FA and withdrawal validation areas. He also revealed the platform is aiming to improve its risk management, user behaviour analysis, Know Your Customer procedures and anti-phishing tactics, as well as revising other back-end security measures.
Notably, CZ also used the security incident update as an opportunity to apologize for having sparked a controversy in the crypto community by publicly raising the consideration of undertaking a possible re-org or rollback in the wake of the hack. He said:
“Given how much I talk, I sometimes say the wrong stuff, dirty words like ‘reorg’, for which I apologize. It is my strong view that our constant and transparent communication is what sets us apart from the “old way of doing things”, even and especially in tough times.”
As , both during a post-hack live AMA and in a thereafter, CZ had revealed that had considered — but rejected — the idea of responding to the hack with a re-org: i.e. taking steps to incentivize miners to form a consensus to wield 51% of the network’s hashing power to reorganize the ’s transactions after the loss.
Heeding the intense of such a move from members of the community and industry experts, the CEO and exchange decided against the , the likely reputational damage to and threat to its immutability and decentralization principles.
To press time, is ranked largest exchange globally, seeing a 52.25% recovery surge in daily trade volume.
Published at Sat, 11 May 2019 08:51:58 +0000
