Large-Scale Heist of Cryptocurrency Exchange Binance Fails

Early on March 7, users of the cryptocurrency exchange Binance began noticing trades that were executed without their consent. On social media and on discussion groups online, multiple users speculated that the exchange or their accounts had been hacked. They posted images and confirmed that their altcoins — cryptocurrencies with relatively lower market values — were used to buy bitcoins, which were then used to buy the little-known cryptocurrency Viacoin.

Viacoin’s value spiked considerably during this period, and some began to wonder if this was a plan to pump the price of Viacoin. The developers of the coin have denied any involvement.

In a statement on March 8, the Binance team shed some light on the incident through a blog post. According to their investigation, hackers managed to obtain the credentials of Binance users through a phishing scheme that began in January. The hackers used a fake domain which looked similar to the original; it was listed as “bịnạ” The two small accents below the “i” and “a” are barely noticeable, making the site practically indistinguishable from the legitimate one. Many users were compromised with this scam.


Figure 1. The CEO of Binance shows how the phishing attack worked

Instead of stealing directly from the compromised accounts, the hackers created trading API keys. And then, in a brief two-minute period (UTC 14:58-14:59), as Binance reports, the hackers used the API keys and bought a large amount of Viacoin currency. There were 31 accounts selling pre-deposited viacoins (presumably these accounts were set up by the hackers). This was a complicated attempt to transfer bitcoins from compromised user accounts to the 31 accounts. Withdrawal attempts were made immediately after the trades.

Luckily, the Binance risk management system noticed the irregular trading spike and all withdrawals were halted soon after. This convoluted attempt actually resulted in a loss for the hackers since the 31 accounts that were pre-deposited with viacoins were frozen.

Figure 2. The CEO of Binance reassures users and gives some advice

The hackers were left at a deficit, but some victims of the phishing attack also suffered losses from the unauthorized VIA/BTC trades. Binance says that “those trades did not execute against any of the hackers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.”

In 2017, we saw that the rising value of cryptocurrency triggered a wave of new threats. That trend seems to be continuing into 2018 with malicious actors trying out different schemes — from social media scams to hackers trying to compromise online wallets, and now even phishing attacks. Phishing is a relatively old technique that is constantly being improved by cybercriminals, and constantly finding susceptible targets. Aside from this incident, in the beginning of February we saw an email phishing attack against the cryptocurrency startup Bee Token.

While using strong passwords and enabling two-factor authentication (2FA) are good practices to secure online and mobile app accounts, phishing is another matter. It is important to be alert, informed, and prepared so as not to fall for scams.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.