He noted that to secure from further attacks the deposits and withdrawals are expected to be suspended for a week. They are conducting a review of the hacking attempt and will roll-out system upgrades soon. Moreover, he also advised the users to perform some security updates to their accounts.
Users Advised to Change Passwords, Update 2FA Code and API Settings
On a more important note, he has advised the users to update a few security settings. The hackers possibly were able to gain access to user passwords, API key, and 2FA codes. Hence, the users have been advised to change their passwords, 2-Factor Authentication ‘secret’ code and also review their API settings. He noted in his address,
“Users must disable and re-enable 2FA… Update their API settings and also create new passwords”
The users must be careful while saving the ‘new secret code’ in a secure location. Moreover, the API (Application Programming Interface) settings include permissions granted through several apps like Facebook and other e-mails accounts, these are used to log-in to different applications. For some popular apps, the update link is Google, Facebook, and Twitter.
He said that the security team is diligently working to release the system upgrades required to secure the Exchange and review the hack completely. Nevertheless, the trading will be active as usual with occasional shut-downs expected for maintenance and incorporating the updates during the week.
The deposits and withdrawals which were suspended as soon the hack was detected could be extended for another week, CZ noted.
Hacker’s Public Addresses Have been Flagged
The hackers performed the heist by sending Bitcoins to multiple addresses. The public addresses of the hackers have been published and shared with other cryptocurrency Exchanges as well. The particular addresses are ‘flagged’ and any transaction out of those Bitcoin wallets can be traced on the Bitcoin ledger. He tweeted,
“Also thanks to Coinbase and many other exchanges (again, can’t list everyone) pledging to block deposits from those addresses. Much appreciated!”
On the monetary fund, he noted that the funds are insured under #safu and while ‘they are hurt, they are not broken’. He reaffirmed his team’s ability in handling a high-pressure situation such as this.
He also suggested a roll-back of the transactions was also possible. However, was doubtful of the community’s approval in performing a roll-back on Bitcoin as it ‘destroys the credibility of Bitcoin as an immutable ledger.’
If you have any updates on the stolen fund, please do share with us.
Nivesh from Engineering Background is a full-time Crypto Journalist at Coingape. He is an atheist who believes in love and cultural diversity. He believes that Cryptocurrency is a necessity to deter corruption. He holds small amounts of cryptocurrencies. Faith and fear are two sides of the same coin. Follow him on Twitter at @nivishoes or mail him at nivesh(at)coingape.com