CZ 🔶 BNB @cz_binance on x 10.1M followers
Created: 2025-02-22 12:19:21 UTC
Some thoughts on the recent hack(s).
There is a pattern where hackers were able to steal large amounts of crypto from multi-sig “cold storage” solutions, as with ByBit, Phemex, WazirX and potentially others. In the most recent ByBit case, the hackers were able to make the front-end user interface show a legitimate transaction while the actual signing was for a different transaction. I am less familiar with the other cases, but they sound similar based on limited available info.
What’s more scary is that the affected exchanges used different multi-sig solution providers. The hackers, the Lazarus Group, are highly advanced and broad in their abilities to penetrate. It is still unclear whether the hackers were able to penetrate multiple signing devices, or the server side, or both in each of these cases.
Some people questioned my suggestion of halting all withdrawals as a standard security precaution (in a tweet I posted from a shuttle bus to the plane). My intention was to share a practical approach based on my experiences and observations, yet there is no absolute right or wrong in either approach. My guiding principle is always to lean on the safer side. After any security incident, pause everything, make sure we fully understand what happened, how hackers penetrated the systems, which devices were compromised, triple-check all is safe, and then resume operations.
Pausing withdrawals could cause more panic, of course. In 2019, we paused withdrawals for a week after a massive $XX million hack. When we resumed withdrawals (and deposits), we saw more deposits than withdrawals. Not saying this is a better approach. Every situation is different. It’s a judgment call. My tweet was to share what might work and my intention was to show support in a timely manner. I am sure Ben made the best decision based on the info he had.
Ben did a good job maintaining transparent communication and calmness in dealing with a challenging situation. That shows a sharp contrast to other less transparent CEOs, like WazirX, FTX, etc.
The cases mentioned here are all different. FTX was fraud. WazirX, I will refrain from commenting as there is an ongoing lawsuit.
Most importantly, we should never take security for granted. It is important to learn about security yourself so that you can choose the right tools for your needs. For this, I will share an article I wrote a few years ago. It’s a little outdated, but the fundamental concepts still apply. Stay SAFU!
[Post Link](https://x.com/cz_binance/status/1893274376306356487)