A little $40 million
bitcoin incident

SuperblockIn 1978’s Superman the Movie, Superman rescues Lois Lane in mid-fall from a helicopter. Safely depositing her on her feet, he says, “Well, I certainly hope this little incident hasn’t put you off flying, miss. Statistically speaking, of course, it’s still the safest way to travel.”

In the wake of the recent theft of over 7,000 bitcoin—about $40 million worth—from Taiwan-based cryptocurrency exchange Binance, I am inclined to say something similar: Don’t let this incident put you off Blockchain.

The recent heist was by no means the largest. According to The Washington Post, that honor goes to an incident in 2014 …

… when Japan-based Mt. Gox said that attackers stole nearly $500 million worth of the digital currency. And in 2016, hackers nabbed about $72 million in bitcoin from Hong Kong-based Bitfinex.

Yet financial institutions and fintechs are embracing, not fleeing, blockchain technology. JPMorgan Chase is expanding its blockchain project. There are some 40 central banks looking into blockchain as I write. And Medium lists 143 banks and other 87 other types of financial organizations using blockchain.

When it comes to security, it’s important to remember that bitcoin and blockchain are not the same thing. As R. R. Hauxley pointed out writing for Crytomania:

Bitcoin is built on top of blockchain technology, and so are other cryptocurrencies. Blockchain technology is used way beyond cryptocurrencies. It has a seemingly endless number of applications in various industries.

As for the recent heist, Binance said in a press release last week:

We have discovered a large scale security breach today, May 7, 2019 at 17:15:24 (UTC). Hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info. The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet. 

Phishing. Viruses. Other attacks. Perhaps Binance is hinting that what the hackers hacked wasn’t so much Binance as Binance users. For all its merits, blockchain isn’t impervious to human foible. 

With all but an admiring tone, Binance continued:

The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks.

Firms like Binance store a small percentage of cryptocurrency in what’s known as a “hot” wallet, that is, the data are online, as opposed to the balance stored offline in what’s called—and I bet you saw this coming—a “cold” wallet. That makes the cold wallet an inaccessible target for hackers, and the hot wallet an irresistible one. 

The hackers found their way into Binance’s hot wallet and obtained the data with a single transaction. But, not to worry, according to Binance: “The above transaction is the only affected transaction. It impacted our BTC hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed.” Moreover, all losses are covered by insurance.

The moment Binance became aware of the problem, which was almost immediately, the company halted all deposits and withdrawals for about a week because “the hackers may still control certain user accounts and may use those to influence prices in the meantime.” On May 15, Bitcoin announced it had completed its system upgrade and would “resume all trading activity” later that day.

Not surprisingly, the value of bitcoin took a hit in the wake of the hack, but seems to have for the most part recovered. The same The Washington Post article points out that bitcoin’s value has been declining since hitting its $20,000 peak a little over a year ago:

Even cryptocurrency investors unscathed by hacks and scammers are still feeling the pain of a market that has dwindled in value. At its peak, in December 2017, bitcoin was worth nearly $20,000, igniting a buying frenzy … By February 2018, bitcoin’s value was cut in half. Then in December, a year after its peak, bitcoin had fallen below $4,000, a drop of more than 80 percent. The rest of the cryptocurrency market soon followed bitcoin’s lead … As of [May 8, 2019], bitcoin was trading at $5,901.

But the value of blockchain as a technology is strong as ever. As Marc West and I wrote for Fiserv’s The Point,

There are many types of blockchains. Most either are permissioned (private) or permission-less (public). As the names imply, a permissioned design requires pre-established and approval-based access to create, manage, transfer or seal any digital assets. Permission-less blockchains allow for self-registry and identity-less access. For financial services, the most secure and practical type is a private blockchain. Only known participants and digital assets are permitted to use that type of network design … blockchain enhances security by ensuring all parties are known, all transactions are cryptographically verifiable and no private data ever leaves the institution.

So I hope this little $40 million incident hasn’t put you off blockchain. Statistically speaking, of course, it’s still a safe way to transact.

Leave a Comment