LIVE NOW

Cryptocurrency: What just happened to Binance?

Posted: 8 March 2018 11:10 am News

A dormant phishing attack suddenly emerged with dramatic results but the attackers came off second best.

There was an incident at Binance. As the world's largest cryptocurrency exchange by volume, this has sent ripples across the prices. When news broke, Binance investigated, froze all withdrawals and then moved to reverse suspicious trades.

At the time of writing things are back up and running, and thanks to the quick response, the attackers actually lost coins in their attempt.

What happened?

Current speculation suggests that someone compromised user trading APIs or phished user accounts and added their own trading API. These trading bots are used to automatically place an order on exchanges. The hacker sat on these compromised APIs for a while, until they had enough to do something with it.

Because they only compromised the trading bots rather than Binance itself, they were only able to force people to place orders and trade on the market, but could not actually make any withdrawals. The best way for them to make money would therefore be with a pump and dump. This is when someone manipulates the market into quickly spiking a coin's price, and then quickly selling it off at an enormous profit before the price comes crashing back down.

In this case, they did it to a relatively unknown token called Viacoin.

Sequence of events

  • Users reported that their Binance accounts automatically traded coins for a relatively unknown token called Viacoin.
  • Binance investigated and found no issues on its side.
  • Binance discovered that all affected users were using third party trading APIs.

"As of this moment, the only confirmed victims have registered API keys (to use with trading bots or otherwise). There is no evidence of the Binance platform being compromised," Binance said on Reddit.


The effect was a massive price spike in Viacoin and drops in other coin prices due to them being abruptly sold off for Viacoin.

Viacoin prices

How it happened

It's believed that affected users got their details phished from fake Binance sites, such as the one seen below. It was a more subtle fake than most, being hard to spot and even redirecting users to the real Binance site after installing the scam API.

Note the two small dots beneath the i and the a in the lower URL.


In the end

It looks like the attackers actually lost coins in the process, and the suspicious transactions are being reversed. After a few hours things are just about back to normal, although coin prices have yet to readjust.

It was a particularly subtle attempt, but Binance investigated and sorted it out very quickly. We now return you to your regularly scheduled super obvious scams.


Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VEN, XLM, SALT, BTC, XRB

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Ask a question
Go to site