Cryptocurrency: What just happened to Binance?
A dormant phishing attack suddenly emerged with dramatic results but the attackers came off second best.
There was an incident at Binance. As the world's largest cryptocurrency exchange by volume, this has sent ripples across the prices. When news broke, Binance investigated, froze all withdrawals and then moved to reverse suspicious trades.
At the time of writing things are back up and running, and thanks to the quick response, the attackers actually lost coins in their attempt.
Current speculation suggests that someone compromised user trading APIs or phished user accounts and added their own trading API. These trading bots are used to automatically place an order on exchanges. The hacker sat on these compromised APIs for a while, until they had enough to do something with it.
Because they only compromised the trading bots rather than Binance itself, they were only able to force people to place orders and trade on the market, but could not actually make any withdrawals. The best way for them to make money would therefore be with a pump and dump. This is when someone manipulates the market into quickly spiking a coin's price, and then quickly selling it off at an enormous profit before the price comes crashing back down.
In this case, they did it to a relatively unknown token called Viacoin.
Sequence of events
- Users reported that their Binance accounts automatically traded coins for a relatively unknown token called Viacoin.
- Binance investigated and found no issues on its side.
- Binance discovered that all affected users were using third party trading APIs.
"As of this moment, the only confirmed victims have registered API keys (to use with trading bots or otherwise). There is no evidence of the Binance platform being compromised," Binance said on Reddit.
The effect was a massive price spike in Viacoin and drops in other coin prices due to them being abruptly sold off for Viacoin.
How it happened
It's believed that affected users got their details phished from fake Binance sites, such as the one seen below. It was a more subtle fake than most, being hard to spot and even redirecting users to the real Binance site after installing the scam API.
In the end
It looks like the attackers actually lost coins in the process, and the suspicious transactions are being reversed. After a few hours things are just about back to normal, although coin prices have yet to readjust.
It was a particularly subtle attempt, but Binance investigated and sorted it out very quickly. We now return you to your regularly scheduled super obvious scams.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VEN, XLM, SALT, BTC, NANO
- SEC crackdown on Binance, Kraken – What it means for Aussie investors
- Sam Bankman-Fried found guilty – what it means for Australian FTX victims
- Bitcoin’s price soars over 10% on ETF rumours – here’s why
- New regulations for Aussie crypto exchanges: What it means for investors
- Sam Bankman-Fried’s FTX trial starts tomorrow – what it means for FTX customers