The past few days haven’t gone particularly well for Binance, the largest cryptocurrency exchange in the world (by trading volume). Days after facing an uproar over its failure to execute a system upgrade on time, Binance now finds itself on the receiving end of a hack attempt.
As it turns out, Binance and the investors signed up with the exchange were affected by a breach of third-party software on March 7. The breach led to many unauthorized transactions being made from compromised accounts.
Binance quickly switched to damage-control mode as its chief executive Changpeng Zhao took to social media to announce that user funds were safe and the exchange was operating normally.
“All funds are safe. There were irregularities in trading activity, automatic alarms triggered. Some accounts may have been compromised by phishing from before. We are still investigating. All funds are safe,” the Binance CEO tweeted.
However, that was too little, too late for many disgruntled users, who took to social media to describe the dire situation they were facing. Many complained that their altcoins had been converted to bitcoin without their permission.
Even more strikingly, some users were not even logged into their accounts when their funds were being manipulated.
Zhao posted a second tweet shortly after, suggesting that the initial investigations had managed to localize the irregular trades. He promised that everyone affected by this fiasco would have their lost assets refunded.
“All funds are safe, thanks to the fast alarm,” he reassured the panicking Binance users.
However, the company later issued another statement saying that there was an elaborate and extensive “phishing and stealing attempt” spanning a couple of minutes. It then acknowledged that some unauthorized trades that took place during the course of the breach were, in fact, irreversible.
Back then, the exchange didn’t provide any additional information regarding how it planned on compensating the investors affected by the irreversible trades.
A few Redditors reported that the perpetrators were using their bitcoins to purchase VIA coins at $0.025 per token. Once a transaction was complete, the perpetrators withdrew the purchased tokens in small amounts in order to avoid triggering the alarm.
According to reports, they carried on with this strategy for almost an hour before Binance admins finally froze the withdrawals. It’s another matter that the admins took the punitive step only after being alerted to the situation by users who noticed irregular account activities.
“Binance sold all my Alt coins at market rate,” the Reddit user who goes by the ID u/Shashankkgg posted on the r/Binance subreddit.
“Same happened to me. I had 100% USDT worth $1548. Today I logged in so I can buy some xrp but my account balance is $200 out of $1548 and apparently I bought 5 VIA coins and exchanged my USDT to BTC while I was in the gym? I have 2FA enabled. I don’t use any API or bots or anything and I’m level 2 verified on Binance. Stupid thing is that “trade history” shows that I’ve bought successfully $1548 worth of USDT and nothing else. However, my money is missing. I’ve already opened a ticket with Binance,” another user replied.
In the wee hours of March 8, the company claimed to have refunded all irregular trades, with Zhao later explaining that the attackers used a phishing website to steal login credentials from their victims before redirecting them to the original Binance website.
A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real website after login. Additionally, after you log in once, it doesn't let you access the phishing site again – will auto-redirect you to Binance (even after logging out) pic.twitter.com/WOKhKrp7tx
— CZ (not giving crypto away) (@cz_binance) March 7, 2018
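The lookalike address in the tweet above differs from the real one only by marks under its letters. As an added example (not from the original article or from Binance), this Python check scans browser-history URLs for hostnames that collapse to a trusted domain once diacritics are stripped; the trusted list, the sample URLs and the function names are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"binance.com"}  # assumption: domains the user really intends to visit

def to_unicode(host):
    """Decode xn-- (punycode) labels so marks hidden in the ASCII form become visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as written
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Decompose characters and drop combining marks (dots, accents, and so on)."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def lookalike_of(url):
    """Return the trusted domain a URL imitates, or None if it is genuine or unrelated."""
    host = to_unicode(urlsplit(url).hostname or "")
    # Naive registrable domain: last two labels (no public-suffix list is used here).
    base = ".".join(host.split(".")[-2:])
    skel = skeleton(base)
    if skel in TRUSTED and base != skel:
        return skel
    return None

def flag_history(urls):
    """Return (url, imitated_domain) pairs for every lookalike found in a history list."""
    hits = []
    for url in urls:
        imitated = lookalike_of(url)
        if imitated:
            hits.append((url, imitated))
    return hits

# Constructed sample history; the second entry has dots under the 'i' and the 'a'.
HISTORY = [
    "https://www.binance.com/login.html",
    "https://www.b\u1ecbn\u1ea1nce.com/login.html",
    "https://example.org/",
]

if __name__ == "__main__":
    for url, imitated in flag_history(HISTORY):
        print(f"lookalike of {imitated}: {url!r}")
```

The check only catches lookalikes built from diacritics; substitutions from other scripts need a confusables table instead of mark stripping.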