Summary of the Phishing and Attempted Stealing Incident on Binance

Binance
Binance
Mar 8, 2018 · 2 min read
Image for post
Image for post

On Mar 7, UTC 14:58–14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately.

This was part of a large scale phishing and stealing attempt.

So far: All funds are safe and no funds have been stolen.

The phishers accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters. Many users fell for these traps and phishing attempts. After acquiring these user accounts, the phishers then simply created a trading API key for each account but took no further actions, until yesterday.

Yesterday, within the aforementioned 2 minute period, the phishers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.

However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the phishers were also frozen. Not only did the phishers fail to steal any coins, their own coins have also been withheld.

The phishers were well organized. They were patient enough to not take any immediate action, and waited for the most opportune moment to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.

After a thorough security check by Binance, we resumed withdrawals. Trading functionality was never affected. There are still some users whose accounts where phished by these phishers and their BTC were used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the phishers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.

Protecting our traders is and has always been our highest priority.

Thanks for your support!

Binance Team

2018/03/08

Binance Exchange

Binance Exchange provides cryptocurrency trading for…

Binance

Written by

Binance

Binance Exchange provides cryptocurrency trading for fintech and blockchain enthusiasts globally, with multilingual support over a variety of services.

Binance Exchange

Binance Exchange provides cryptocurrency trading for fintech and blockchain enthusiasts globally, with multilingual support over a variety of services

Binance

Written by

Binance

Binance Exchange provides cryptocurrency trading for fintech and blockchain enthusiasts globally, with multilingual support over a variety of services.

Binance Exchange

Binance Exchange provides cryptocurrency trading for fintech and blockchain enthusiasts globally, with multilingual support over a variety of services

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store