According to online reports, Binance founder Zhao Changpeng (CZ) expressed detailed views on recent hacking incidents,"We have observed a rule that hackers can steal large amounts of cryptocurrency from multi-signature 'cold storage' solutions, such as Bybit, Phemex, WazirX, etc. Exchanges have encountered similar situations. In the recent Bybit case, a hacker was able to have the front-end user interface display a legitimate transaction, while the actual signature pointed to another transaction. For other cases, based on limited information, similar tactics appear to have been used. Even more worrying is that the affected exchanges use different multi-signature solution providers. The hacking organization Lazarus Group has demonstrated extremely advanced and extensive penetration capabilities. It remains unclear whether the hacker successfully penetrated multiple signature devices, or the server side, or whether both were compromised. Some people questioned my previous suggestion of suspending withdrawals as a standard security precaution (I tweeted on the shuttle bus to the airport). My intention was to share a practical approach based on experience and observation, but there is no absolute right or wrong in this approach. My guiding principle has always been to lean towards the safer side. After any security incident, all operations should be suspended to ensure that we fully understand what happened, how hackers penetrated the system, which devices were compromised, and then resume operations after a triple check ensures security. Of course, suspending withdrawals may cause more panic. In 2019, after a major $40 million hack, we suspended withdrawals for a week. When we resumed withdrawing cash (and recharging), the recharge amount actually exceeded the withdrawal amount. This is not to say that this method is better, every situation is different, and this requires judgment. I tweeted to share possible effective practices and intended to express support in a timely manner. I believe Ben made the best decision based on the information he had. Ben maintained transparent communication and a calm attitude when dealing with this challenging situation. This is in sharp contrast to other CEOs who lack transparency, such as WazirX, FTX, etc. The cases mentioned here are all different. FTX is fraud. As for WazirX, I will not comment because of the ongoing litigation. Most importantly, we should never take security for granted. Understanding security knowledge is important so that you can choose the right tools for your needs. To this end, I will share an article I wrote a few years ago. Although somewhat outdated, the basic concept still applies. Keep it safe (SAFU)!"