Changpeng Zhao (CZ), the founder of Binance, has shared his thoughts on the recent Bybit hack, linking it to a worrying pattern of cyberattacks on crypto exchanges.
The Pattern of Hacks
According to CZ, hackers have managed to steal large amounts of cryptocurrency from multi-signature “cold storage” wallets. Bybit, Phemex, WazirX, and potentially other platforms have fallen victim to this technique. In Bybit’s case, attackers manipulated the front-end interface to display a legitimate transaction while executing a different one behind the scenes.
What makes this more alarming is that the affected exchanges used different multi-signature solution providers, yet all were breached. CZ points to the North Korean-linked Lazarus Group as the likely perpetrators, given their advanced hacking capabilities. He notes that it remains unclear whether they exploited multiple signing devices, server-side vulnerabilities, or both.
CZ’s Security Advice
CZ reiterated his stance on handling security breaches, suggesting that exchanges should temporarily halt withdrawals after an attack to prevent further losses. He acknowledged that this approach could induce panic but cited Binance’s own experience in 2019 when the exchange paused withdrawals for a week following a $40 million hack. Despite initial concerns, Binance saw more deposits than withdrawals upon resuming operations.
“My intention was to share a practical approach based on my experiences and observations, yet there is no absolute right or wrong,” CZ stated. “My guiding principle is always to lean on the safer side.”
Praise for Bybit’s Handling of the Situation
CZ commended Bybit’s CEO, Ben Zhou, for maintaining transparency and calmness throughout the crisis, contrasting his approach with leaders of other compromised exchanges like WazirX and FTX. He refrained from commenting on WazirX due to an ongoing lawsuit but reiterated that FTX was an outright fraud.
A Call for Stronger Security Awareness
The Binance founder emphasized that security should never be taken for granted and urged crypto users to educate themselves on protective measures. He promised to share a security article he wrote, noting that while some details might be outdated, the fundamental principles remain relevant.
“Stay SAFU,” CZ concluded, reinforcing the need for continuous vigilance in the crypto space.
Conclusion
As crypto exchanges remain prime targets for hackers, CZ’s insights highlight the growing need for enhanced security strategies. Whether his suggested approach of halting withdrawals becomes standard practice remains to be seen, but the industry must adapt to prevent future breaches.
