At Consensus, New York, CEO of crypto exchange Zebpay, Ajeet Khurana, says the more he knows, the more questions he has about last week’s Binance hack.
When the hack occurred, observers could watch the theft of 7,000 unfold in real-time, via an address supplied by CEO Changpeng Zhao on Twitter. The coins moved from one address to another and disappeared. But it turns out that was only half the bitcoin in the wallet that Zhao identified. Another 6,900 bitcoins were left behind, where they remain to this day.
What, if anything, Binance can do about that remains to be seen. The exchange has not commented beyond the public press release, and an update, it issued. Accounts—which were frozen pending a security review—are expected to be re-opened tomorrow.
To Khurana, the coins that were left behind are a smoking gun.
“We can see the transactions on the blockchain but why weren’t there more?” he asked. “Why wasn’t the wallet emptied?”
Sometimes one worries whether one knows enough.
A Binance spokesperson responded, saying, "The hacker never had access to the wallet itself, so the wallet itself is still secure."
Khurana, a longtime crypto player, became CEO of Zebpay—one of India’s largest and oldest exchanges—in March, 2018. The government forced the exchange to close in September, 2018 when it banned crypto countryside. Zebpay has since relocated to Malta and Australia, and recently introduced Lightning Network payments.
Crypto exchange hacks are fairly common, with a recent report by blockchain analytics company CipherTrace showing the amounts involved are increasing. Khurana figures this is set to continue, in particular for medium-sized exchanges.
“A lot of these hacks are happening despite the fact we knew they could happen,” he said, before painting a bleak picture, “We are at a stage where a lot must die so the industry might live.”
On the other hand, Khurana argued that it is not just the exchanges who are at fault; governments should be accountable too: “While I never want to transfer responsibility on the government and regulators, the attention is on KYC and not enough is being done to audit exchange reserves and their security.”
The answer, he said, lies in exchanges disclosing more information to regulators. Governments ought to understand more about the extent to which exchanges secure customers’ assets and require minimum standards. Perhaps if there are more disclosures, there might be fewer unanswered questions, too.
[May 14, 13:00] This article was updated with a comment from Binance.