Binance has vowed to raise the quality of its security in the aftermath of a hack that saw thieves make off with more than $40 million in Bitcoin from the exchange.
The company — which is widely believed to operate the world’s largest crypto exchange based on trading volumes — said today that it will “significantly revamp” its security measures, procedures and practices in response. In particular, CEO Changpeng Zhao wrote in a blog post that Binance will make “significant changes to the API, 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident.”
Speaking on a live stream following the disclosure of the hack earlier this week, Zhao said the hackers had been “very patient” and, in addition to targeting high-net-worth Binance users, he suggested the attack used both internal and external vectors. That might well mean phishing, and that’s an area where Zhao has pledged to work on “more innovative ways” to combat threats, alongside improved KYC and better user and threat analysis.
“We are working with a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers,” Zhao wrote. He added that other exchanges are helping as best they can to track and freeze the stolen assets.
The real focus must be to look forward, and in that spirit, Binance said it will soon add support for hardware-based two-factor-authentication keys as a method to log in to its site.
That’s probably long overdue and, perhaps to make up for the delay, Zhao