Zhao Changpeng: The security incident Binance suffered at the beginning of this month turned out to be a blessing in disguise.

Author: Binance CEO Changpeng Zhao "CZ"

Looking back on the past two weeks: we learned some lessons. On the one hand we withstood all kinds of pressure, and on the other hand we gained a clearer picture of Binance's future.


What happened?

A hacker group took control of multiple user accounts and cleverly bypassed our front-end withdrawal risk-control system to make a large withdrawal. After the withdrawal went out, our back-end risk-control system immediately flagged the transaction and suspended all subsequent withdrawal requests. Although everything is very clear in hindsight, at that moment we were not entirely sure what had happened. Was it normal operation, a system failure, or a hack? Since we were still assessing the situation, we decided to act with caution. I posted a tweet saying that withdrawals had entered a temporary maintenance state, while the team continued to investigate what was happening. Once we confirmed that this was a hack, more questions followed:

1. How many coins did the hacker withdraw?
2. Were there any other undetected withdrawals before this one?
3. Beyond the accounts involved in this incident, how many other accounts does the hacker control?
4. What other risks are involved?
5. How did the hackers understand our risk-control rules so precisely? Is there an insider?
6. What do we need to do to reopen withdrawals?

While the team was investigating the above, there were other questions to answer:

1. How do we communicate?
2. How will the community respond?
3. How much damage will we suffer?

In difficult times we always return to our first principle: protect users and stay highly transparent.

Communication

After the incident, we decided to post a notice about the security incident on all channels. By then we had fairly well established that only one transaction was affected and that the other wallets were safe, but at the same time we worried that the hackers might still control other accounts, and we could not fully confirm which ones. Reopening withdrawals still carried risk, and we needed to make some major adjustments and upgrades to the system before reopening. In the security update announcement, we stated that we expected to suspend withdrawals for one week.

From a technical point of view it is hard to accurately predict how long such work will take; it is entirely unlike predictable, repetitive work. But users and the community need a timeline, and once announced it becomes the deadline our team targets for delivery. I didn't know how the community would respond to a week-long withdrawal suspension, but fortunately staying transparent earned us the community's support. Thank you to everyone who supported us!

Lesson learned: continuous and transparent communication is key during a crisis.

AMA ("You Ask, I Answer")

We had already planned an open AMA on Twitter, scheduled for a few hours after the incident. I felt I should keep the session because many people had questions, and the results proved that decision right.

This online Q&A gave the community a clearer understanding of the event, and community sentiment began to stabilize. Everyone's analysis of my live stream was very thorough, including analysis of my body language, which I think is a very good thing because it truly shows how a community reconstructs an event from multiple dimensions with hive-mind thinking. I am very pleased that the community's analysis of my body language was largely positive.

Lesson learned: communicate by live video during a crisis. Your users should know not only what happened but also how you are handling it, including letting them judge your mental state.

Mishap

Before the 11:00 a.m. AMA I hadn't slept all night and really felt a little tired, so I slept on the couch for 15 minutes. After I woke up, my team told me that a Bitcoin Core developer had made an interesting suggestion. I read it for a few seconds; it involved something called a "reorg". Although I knew that a 51% attack can technically roll back transactions, I didn't know that a reorg could alter some transaction records while keeping all other records unchanged, and that it would give miners a large incentive. The discussion was already very hot on Twitter at the time, so I mentioned it as a suggestion in the AMA. I didn't think that discussing the possibility would be a taboo topic. I brought it up as a hot topic, and took on extra pressure while dealing with the security incident. Everyone was talking about the "reorg" and about me, and I realized that although I would not "reorg", even discussing it could cause offense.

Mental state

I don't deny that my first reaction was "F***!", and my second and third reactions were the same. After a while I began to accept the reality. "Well, what do we do now? Many people are waiting for me: waiting for my instructions, waiting for information from me, and others waiting to get something from me. Pull yourself together. If you have a lot of things to do, go ahead and do them."

When I checked in with the team, they were already a few steps ahead of me: they had implemented additional security measures to further harden our system and were discussing all possible options. The entire team was online. I have seen this mode before; it is called "war mode". Fortunately, our team is used to a high-pressure war environment, and our fighting spirit was stronger than ever. Some of them even patted me on the shoulder and encouraged me about the upcoming AMA live stream: "Boss, go for it!" They were cheering me up, and I knew this was a good sign.

Funds

After ten seconds of "F***, F***, F***", I did a few quick calculations in my head. 7,000 BTC. OK, I know our Bitcoin holdings don't stop there; the bitcoin we hold is more than enough. Then a second calculation steadied me further: the amount was similar to the amount of BNB we burned about a quarter ago.

In addition, this is not the first time Binance has covered a loss in full. As early as September 2017, the Chinese government issued a notice banning ICOs and "recommending" that projects return investors' funds. As soon as the news came out, although the price of BNB held firm at about 6 times its ICO price, many tokens were trading below their ICO price, and those projects could not return the funds to users in full. Considering that we had helped many of those projects raise funds on the Binance platform, and that they were affected by this policy, we decided to do something. We did a quick calculation: if we helped the projects refund, we would spend about $6 million. Although we had raised $15 million two months earlier, that money had largely been spent and we had almost no cash flow to support it. Anyway, we decided to do it. When the team called me I was on the subway, and we made the decision in less than 5 minutes. That was more than 35% of our cash. The decision ultimately brought us a lot of users from China and around the world and drove our growth. By contrast, this $40 million is only a small part of our cash reserves, and we still have the #SAFU fund, so Binance can fully bear the loss.

So we stated in the announcement that we would bear all losses.

Lesson learned: do the right thing first; you can make money later.

Support

We received great support from the community: people who defended us, people who helped answer questions in the community, on Twitter, in Telegram groups and on Facebook, and the Binance Angels (our volunteers) who helped people resolve problems across multiple communities. It is the contributions of these people that helped give users peace of mind. Thanks, thanks, thank you very much!

Many partners took the initiative to help. Analysis teams such as PeckShield and Whale Alert helped us track the stolen assets. Other trading platforms and wallet providers blocked any deposits associated with the hacker addresses. Some of them might be seen by some as our "competitors", but when needed the entire community came together, and I am impressed by the way the whole community works as one.

We also received great help from law enforcement agencies around the world. This is the benign result of Binance having helped them solve cases and worked closely with them; now they in turn are helping us.

Lesson learned: staying highly transparent makes it easier to get help from others.

Salespeople

More than 40 security experts, consultants and companies reached out to help us. Some were genuinely offering help, and many just wanted to sell their services. Either way, thank you very much for the willingness to help, but the timing was a bit off. For me, scheduling 40 calls during the week when the system was partially down was not appropriate. Some even suggested that we give them full access to our servers so they could help with forensics; we politely declined. Moving on…

One week that felt like a quarter

Our team pushed forward day and night. In the temporary "office" where we gathered, we set up some camp beds. I won't go into details here because I can't disclose our security measures. But to get the system back online within a week, every team completed more than a quarter's worth of work in one week.

A blessing in disguise

We kept in touch with various teams, and as community member Gautam Chhugani analyzed, in the long run this event may be a good thing for us. The pursuit of security is endless; there is always more to do. We implemented many measures last week and will continue to add more security measures in the future. In view of this, Binance has actually become more secure than before, not only in the affected area but across the trading platform as a whole.

Summary

Throughout the crisis we maintained continuous communication and transparency with the community. We believe this was a powerful factor in earning the community's support. One obvious measure is the price of BNB: it fell slightly at the start of the security incident, but the drop was not as large as people expected, and even before we resumed withdrawals it had rebounded strongly and once again set a new all-time high in dollar terms.

We hope this will set a new benchmark for the industry in communicating with users in good times and bad. We hope this will make our industry healthier and stronger.

Thank you very much!

Source: https://www.binance.com/en/blog/336904059293999104/Security-Incident-Recap