Summary of the Phishing and Attempted Stealing Incident on Binance

binanceexchange (57) in cryptocurrency • 7 years ago

no phishing.png

On Mar 7, UTC 14:58–14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately.

This was part of a large scale phishing and stealing attempt.

So far: All funds are safe and no funds have been stolen.

The phishers accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters. Many users fell for these traps and phishing attempts. After acquiring these user accounts, the phishers then simply created a trading API key for each account but took no further actions, until yesterday.

Yesterday, within the aforementioned 2 minute period, the phishers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.

However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the phishers were also frozen. Not only did the phishers fail to steal any coins, their own coins have also been withheld.

The phishers were well organized. They were patient enough to not take any immediate action, and waited for the most opportune moment to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.

After a thorough security check by Binance, we resumed withdrawals. Trading functionality was never affected. There are still some users whose accounts where phished by these phishers and their BTC were used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the phishers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.

Protecting our traders is and has always been our highest priority.

Thanks for your support!

Binance Team

2018/03/08

cryptocurrency bitcoin money news blockchain

7 years ago by binanceexchange (57)

$0.00

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!

Sort Order:

Trending

[-]

onealfa (74) · 7 years ago

Good old rule confirmed again:
Your keys (private)- your money, no keys - not your money.

$3.87

9 votes

[-]

spiritualmatters (55) · 7 years ago (edited)

As a newb to crypto, the options for exchanges is limited due to new sign-up freezes.

Open Ledger doesn't have many assets to choose from; but, one good thing is each user has private keys, even though a simple user name is equivalent to the private key. I know all exchanges are subject to phishing risks; but, it's a bit reassuring to know the funds are a bit more secure than just setting on a public exchange.

It shall be interesting to see how the OL platform grows over time. They certainly seem to be putting a lot of work into getting it up and running competitively with the likes of Bittrex, etc.

Btw, that was a good catch by Binance.

Best regards!

Peace.

$0.00

[-]

katteasis (63) · 7 years ago

Is this official steem account of Binance? I am curious.

$0.51

2 votes

[-]

smooth (70) · 7 years ago

Yes it is and you are wise to be cautious about impersonation.

If you go to the binance.com site and look carefully at the very bottom you will see a steemit logo along with the other social logos (twitter, etc.). Click on that steemit logo and it takes you to this account.

$0.59

4 votes

[-]

katteasis (63) · 7 years ago

Thanks @smooth , I just confirmed it.

$0.00

[-]

acidyo (80) · 7 years ago

This is very well handled by binance, kudos to the professionalism.

$0.44

9 votes

[-]

amrutha (35) · 7 years ago

@acidyo.. Thanks a lot for resteeming! Exactly the kind of info to be passed on! Unfortunately FUD always travels faster 😑 kudos to binance for the great work!

$0.60

5 votes

[-]

drakos (70) · 7 years ago

They can set an example of professionalism to that other place.

$0.00

[-]

teamsteem (74) · 7 years ago

Binance being on Steem and having Steem on their exchange is also another thing they are an example for.

$1.39

2 votes

[-]

the-bitcoin-dood (63) · 7 years ago

You folks have to be one of the best exchanges as far a communication is concerned. So many exchanges keep their customers in the dark when there are issues. Binance is always quick with informing their customers of any issues they're having.

$0.41

4 votes

[-]

islandliving (57) · 7 years ago (edited)

A friend of mine is having anxiety laughter because he doesn’t know if his 10k in bitcoin will be recovered. Mine is fine probably due to very small holdings. He’s done w/ Binance

$0.15

1 vote

[-]

hms818 (61) · 7 years ago

Thanks @binanceexchange for taking timely action and rectifying the issues....Hope to see everything working normal soon!

$0.13

1 vote

[-]

grizgal (55) · 7 years ago

It’s not difficult. Don’t leave coins on exchanges. Leave them in hardware wallets. Transfer to exchanges when you want to ‘exchange’ them. If you don’t control your private keys you don’t really control your coins!

$0.13

2 votes

[-]

cryptogee (75) · 7 years ago

Hey I just thought of something;

Have you verified this account? How do we know you're the real Binance; did you do a Twitter verification?

I know I'm paranoid, but am I paranoid enough?

Thanks.

$0.12

1 vote

[-]

binanceexchange (57) · 7 years ago

You can find this account linked directly from the Binance homepage.

$1.25

10 votes

[-]

eirik (69) · 7 years ago (edited)

Thank you for handling the whole situation so professionally.

You guys are awesome!

$0.05

1 vote

[-]

bluewinter (57) · 7 years ago

thanks for updating us

$0.11

1 vote

[-]

deadspace (69) · 7 years ago

Wow, I wish other companies like Coinbase or Bittrex could be half as good as communicating with their customer base. Thumbs up to you guys for being so upfront and handling the whole ordeal in a professional way!

$0.03

1 vote

[-]

cryptogee (75) · 7 years ago

Woah! Holding my breath before I log in. Great to see you're on Steemit guys :-)

$0.00

1 vote

[-]

tenhanger (43) · 7 years ago

If you haven't lost the money, you're doing better than the majority of historical crypto-exchanges. keep on trucking Binance, but we think you're bigger problem at the moment is probably the SEC, are you going to go "white shoe" or join the de-centralized fully-private "dark side" of the force?

$0.00

1 vote

[-]

silver79 (25) · 7 years ago

So, I assume one way to know whether or not we were affected is to check for any suspicious API keys, right?

$0.00

[-]

zemiatin (57) · 7 years ago

Binance just seems to handle every situation in the most professional way. Good job.

$0.00

[-]

niitesh (33) · 7 years ago

Binance is one of my favorite crypto exchange.

$0.00

[-]

otemzi (67) · 7 years ago

nice to see that such actions are in place to prevent such attacks, kudos to your team and thanks for the update

$0.00

[-]

bengy (73) · 7 years ago

Well done, a fast analysis and response earns trust. Great that they didn't make off with anything, and funny that they lost their VIA.

$0.00

[-]

stadex (50) · 7 years ago

21st century bank robbery.

$0.00

[-]

perfect-man (27) · 7 years ago

wow really nice post my daer. i really like your post.

$0.00

[-]

jumartphoto (57) · 7 years ago

thanks for sharing!

$0.00

[-]

expertroyal (48) · 7 years ago

Thanks for the news.

$0.00

[-]

voluntary-io (43) · 7 years ago

My blood pressure raised yesterday when I saw the first news, but you guys did a good job communicating the up to date status very quickly. Binance is my favorite exchange. Stuff like this happens and well handled incident like this one can only add to your reputation. Thanks for keeping us updated.

$0.00

[-]

pasaift (57) · 7 years ago

I love the way you guys aint keeping us in the dark. This is truly lovely. Wish other exchangers would take notice of this. There should be efficient communication between a man and who holds his funds. Kudos binance team

$0.00

[-]

cryptaligator (28) · 7 years ago

Every time this happens I have more confidence in Binance, their communication and transparency is outstanding.

$0.00

[-]

ace108 (77) · 7 years ago

Just checked. Had to relogin. Everything looks good. Yay.

$0.00

[-]

pacxiu (52) · 7 years ago

I am impressed by your professionalism. Binance is currently the best exchange. Soft, support - outstanding. Keep it up!

$0.00

[-]

tarekadam (67) · 7 years ago

Thank you for the open and prompt communication.

$0.00

[-]

kickup008 (46) · 7 years ago

this is very good handled by binance, kudos to the professionalism.

$0.00

[-]

mikefromtheuk (56) · 7 years ago

If it's on an exchange it's not in your wallet. When will people learn not to store their coins on exchanges?

$0.00

[-]

vicspics (51) · 7 years ago

Thanks for telling us about this and as like katteasis asked, I didn't know you had an official presence here.

$0.00

[-]

opeyemioguns (68) · 7 years ago

My first time knowing about binance. Gotta try it

$0.00

[-]

theversatileguy (55) · 7 years ago

wow , it is by far the fastest response i have seen , good job binance

$0.00

[-]

creativetruth (67) · 7 years ago (edited)

Thanks for hiring a dazzler team of crack experts to preemptively keep our wallets and coins safe from thieves and attacks.

$0.00

[-]

ontheverge (54) · 7 years ago

#Binance is great for using Steemit as a social media.

$0.00

[-]

safetony (47) · 7 years ago (edited)

Once again Binance does not fail to delight me as the attack was very sneaky and affected many users as you can see by the below tweet it is almost impossible to spot the difference in urls which is why you should always manually type it or use a bookmark.

~~https://twitter.com/cz_binance/status/971476396278099969~~
https://twitter.com/cz_binance/status/971483376753393664

A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real website after login. Additionally, after you log in once, it doesn't let you access the phishing site again - will auto-redirect you to Binance (even after logging out)

$0.00

[-]

twitterbot (56) · 7 years ago

CZ (not giving crypto away) tweeted @ 07 Mar 2018 - 20:03 UTC

We have localized the irregular trades, they will be reversed. All funds are safe, thanks to the fast alarm. Plea… twitter.com/i/web/status/9…

Disclaimer: I am just a bot trying to be helpful.

$0.00

[-]

safetony (47) · 7 years ago (edited)

wrong link this is the right one! https://twitter.com/cz_binance/status/971483376753393664

$0.00

[-]

twitterbot (56) · 7 years ago

CZ (not giving crypto away) tweeted @ 07 Mar 2018 - 20:31 UTC

A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real websi… twitter.com/i/web/status/9…

Disclaimer: I am just a bot trying to be helpful.

$0.00