BINANCE

DESCRIPTION OF EVENTS

"Binance is a cryptocurrency exchange which is currently the largest exchange in the world in terms of daily trading volume of cryptocurrencies. It was founded in 2017 and is registered in the Cayman Islands."

"Binance was founded by Changpeng Zhao, a developer who had previously created high frequency trading software. Binance was initially based in China, but later moved its headquarters out of China following the Chinese government's increasing regulation of cryptocurrency."

"Anonymous cryptocurrency Firo — formerly known as Zcoin— is the latest Proof-of-Work coin to suffer a 51% attack." "Firo (FIRO), formerly known as Zcoin, is a cryptocurrency that focuses on being private digital cash. It created the Lelantus privacy protocol which allows users to burn their coins and redeem them later for brand new ones that do not have any transaction history."

"Lelantus, the privacy protocol that brings “on-by-default” privacy to @firoorg (previously Zcoin) mainnet activated on 14 January 2021."

"Prior to Lelantus, it was also the first cryptocurrency to code and launch a practical implementation of the Zerocoin protocol which became one of the most prevalent privacy protocols in use, prior to it being replaced by Sigma and then Lelantus after cryptographic flaws were discovered in the Zerocoin protocol in 2019."

"The founder of Firo (then Zcoin) is Poramin Insom. He earned a masters degree in Information Security from Johns Hopkins University where he wrote a paper on a proposed practical implementation of the Zerocoin protocol. Aside from Firo, he is also a co-founder of the Satang Corporation and has served as second lieutenant with the Royal Thai Armed Forces in its cyber warfare division."

"Reuben Yap joined the project shortly after its launch in 2016 and now leads the project in its overall strategy, development and research goals. Reuben has been a vocal advocate of online and financial privacy, having founded one of Southeast Asia’s earliest VPN services to combat censorship and is a well-respected speaker on the topic, with featured commentary in CoinDesk, BBC, Forbes, Nasdaq, Reuters and Cheddar News, among others. He assumed the role of Project Steward & Co-Founder in November 2019."

"Tweeting on Wednesday, Firo revealed that the protocol had come under a 51% attack and advised holders to pause all transactions until the network returns to a normal state." "The attack was done at a time where most of our team was asleep and we were first made aware at 6:50 AM UTC+8."

"We are under 51% attack at the moment. We recommend not to make transactions during this time until the network returns to a normal state. We will post updates when we have them. Note this is not a coding error but a nature of PoW. $XZC $FIRO"

"XZC(FIRO) 51% attack, 306 blocks rolled back, to 2021-01-18 17:24:20(UTC). Another messy situations."

"The attacker deposited a huge number of coins into Binance, sold them for other coins (most likely BTC, ETH and USDT) and withdrew the proceeds to a personal wallet. This was done with 3 unique KYCed IDs in batches of 10,000 FIRO to 40,000 FIRO totaling 865,951.9714 FIRO."

"Through his own pool, the attacker then revealed his secret mined chain which had more accumulated work on it. This chain rolled back over 300 blocks which also reversed his deposits (and other users’ deposits) into Binance. This meant that the FIRO that were sold on Binance were no longer on Binance and had reverted to the attacker despite him already selling them and withdrawing his BTC/USDT/ETH proceeds."

"The team moved swiftly and put out several emergency updates. The first of which freezes the attacker’s funds so they can’t be moved and also implemented a max re-org depth of 5, and the second will activate chainlocks within a week (at time of writing). The Firo development team is confident in our work, and hope that this activation will be successful and prevent any further attacks similar to this one."

“Exchanges are the ones at a loss as the attacker had deposited funds which have now been reversed because of the 51% attack. We are still working with exchanges to resolve the matter. From what we know at the moment both Binance and Indodax were affected.”

"Attacker consolidated all his FIRO in one address 54 totalling 867,652 FIRO which includes his coinbase rewards he earned from mining the chain. The attacker did not take any steps to anonymize or spread out his funds."

"According to Binance, they have suffered losses of 906,771.4373 FIRO. This includes funds of innocent users who also had their deposits reversed. This figure might change as legitimate deposits are rebroadcasted and confirmed. Binance’s security team is still in the midst of investigations."

"We are working with exchanges and pools currently. Chainlocks that would have prevented this were being tested on testnet and was weeks away from deployment."

"Binance in particular has asked about the possibility of reimbursement for their losses, and, though the team does receive a modest sum from the protocol in the form of a development fund, the Firo team has nowhere near the funds necessary to cover these damages. Our options are limited, but we would like to present them here for community discussion. Firo is, after all, first and foremost, a coin of the community, and we would never act on something so substantial without first receiving community input."

"Our first option is to utilize the locked attacker’s funds to make reparations to the exchanges and its users. This Firo would be ‘mined’ on a new block and sent to a wallet controlled by the Firo development team to disperse to the exchanges that request reimbursement. It’s important to note that this will not change the max supply of Firo as the attacker’s funds have been effectively lost forever under the new protocol rules, so the newly minted Firo would cancel this out." "Please make your voice heard and opinion known."

Binance is the largest exchange in the world, and Firo is a privacy-based Proof-of-Work blockchain. The Firo blockchain was weeks away from launching a chainlock feature when they were 51% attacked. The attacker attempted to double-spend coins through Binance.

As a result of the attack, the Firo team released an update which locked the attacker's address, and after a community vote, underwent a hard fork upgrade to return funds to affected exchange platforms. Therefore, there were no losses in the end.

HOW COULD THIS HAVE BEEN PREVENTED?

51% attacks can be prevented through a mix of increased block confirmation times and setting checkpoints to prevent large-scale reorganizations. This means the exchange will not credit newly deposited funds, and nodes will be prevented from accepting attacking chains.

Check Our Framework For Safe Secure Exchange Platforms

Privacy-focused Firo cryptocurrency suffers 51% attack (Oct 2)
Home | Firo - Financial Privacy Renewed (Oct 18)
Privacy-Centric Cryptocurrency Firo Suffers 51% Attack on Its Network – Altcoins Bitcoin News (Oct 18)
https://www.binance.com/en/support/announcement/4a06d6ab6abb4f08b12bb93d6fec30ec (Nov 13)
@Altcoinbuzznews Twitter (Nov 13)
@firoorg Twitter (Nov 13)
@cz_binance Twitter (Nov 13)
Firo Community Meeting #2 - 23rd January 2021 - YouTube (Nov 13)
Binance - Wikipedia (Nov 9)
https://www.binance.com/en (Nov 13)
Release v0.14.3.0 · firoorg/firo · GitHub (Nov 13)
Firo 51% attack post mortem and vote on attackers' funds - General - The Firo Forum (Nov 13)

More case studies

Hong Kong Cash
Theft Sequel

BuyUCoin
Data Breach