24h Volume of VIA Soars To 25,000 BTC Due To Irregular Trade On Binance

Word that Binance had been hacked first appeared in a WeChat group around 1 am on 8 March (Beijing Time, GMT+8). Some users' accounts dumped alts for BTC and then bought an altcoin called VIA, the highest price of which was 0.025 BTC. That was 100 times more than its usual price of around 2,300 satoshi. The 24h volume of VIA/BTC on Binance is around 14,197 BTC as of 16:00 today. Bittrex and Upbit recorded 6,322 BTC and 5,486 BTC in volume respectively.

Meanwhile, the BTC rate took a nosedive, dropping from around 11,700 USD to around 9,400 USD, but soon recovered some of the loss.

Zhao Changpeng, CEO of Binance, confirmed the incident on Twitter at 2:34 am (Beijing Time):

“All funds are safe. There were irregularities in trading activity, automatic alarms triggered. Some accounts may have been compromised by phishing from before. We are still investigating. All funds are safe.”

The tweet starts and ends with “all funds are safe”. The unusual repetition made people more concerned about the short-term prospects.
Later he explained how the hackers got access to users’ accounts by posting a screenshot of a user’s login history:

“Can you see the two dots under the domain name? Phishing website that redirects to the real website after login. Additionally, after you log in once, it doesn’t let you access the phishing site again – will auto-redirect you to Binance (even after logging out)”

The two dots below the characters are hardly noticeable. As I am curious how the hacker pulled off the job, “Fake Unicode” offers an explanation:

“Domains can only use a-z0-9 and -, so a system was created to encode Unicode in just alphanumerics: https://en.wikipedia.org/wiki/Punycode

bịnạnce [62 1ECB 6E 1EA1 6E 63 65] is converted to punycode: xn--bnnce-k11b2l

Which can be displayed as the Unicode in browsers and embedded links.”

Assuming xn--bnnce-k11b2l is the domain in question, the WHOIS record indicates that it was registered on 26 Feb 2018 and is owned by “McColl Dilan”, which is no doubt a fake ID.
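A defender can turn the Punycode mechanism quoted above into a check. The following Python sketch is an added example, not code from the article or from Binance: it decodes `xn--` labels and folds diacritics to flag labels that imitate a protected name. `PROTECTED`, the function names and the `.example` hosts are assumptions made for illustration.

```python
import unicodedata

# Assumption: the exchange's own label is the only protected name in this sketch.
PROTECTED = {"binance"}

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label; xn-- marks a Punycode label."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label: str) -> str:
    """Fold accented Latin letters to their base letter (ị -> i, ạ -> a).

    NFKD splits a letter into base + combining marks; the marks are dropped.
    This does not catch cross-script look-alikes such as Cyrillic letters.
    """
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def find_lookalikes(host: str):
    """List (raw_label, unicode_label, imitated_name) for each label that is
    not a protected name itself but folds to one."""
    hits = []
    for raw in host.rstrip(".").split("."):
        try:
            shown = decode_label(raw)
        except UnicodeError:      # malformed Punycode: nothing to compare
            continue
        folded = skeleton(shown)
        if shown not in PROTECTED and folded in PROTECTED:
            hits.append((raw, shown, folded))
    return hits

if __name__ == "__main__":
    # Constructed hosts: the label is the one quoted above, the TLD is a placeholder.
    for host in ("www.xn--bnnce-k11b2l.example", "www.binance.com",
                 "xn--mnchen-3ya.example"):
        print(host, "->", find_lookalikes(host) or "no look-alike label")
```

The same check can be run over login-history hostnames, referrer logs or newly registered domain feeds to surface labels that render like the genuine one.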

But the latest alert from Binance indicates there are many impostors of the #1 crypto exchange.

Binance blocked the hackers’ withdrawal attempt, reversed the irregular trades, and claimed that only the hackers suffered real losses.
Is it so?

The incident reminds Wu Guanggeng of Bixin of a similar incident at Mt. Gox in 2011. But times have changed, and hackers may have other ways to harvest their profits.
Li Xiaolai said:

“Hackers are very “Niubi”. It looks like they have been plotting this for quite a while. If that’s the case, they might not need to withdraw BTC. They could profit from pre-planned shorts in other exchanges.”

He Yi, COO of Binance, also blamed the highly coordinated job. She posted a screenshot in which someone was asking to collect her chat logs in order to stir up panic among ordinary users.

“It’s a coordinated and disciplined job: Hacker kicked off-withdrawal failed-FUD spreading-Short the market-Conspiracy story to influence ordinary trader-Collect feedback-FUD again. Such coordination requires at least two strings of powers. If it is managed by one group of people, that would be creepy.”

Hackers may be decentralized, but the job was highly coordinated.

Not everyone bought the story. Some users claimed that the hacker incident was fake and that Binance did an “inside job” to steal funds from users. But that assumption was refuted, as it would be unwise to make up a “hacker” story while risking the long-term benefits of the exchange.

Binance has now resumed withdrawals, but not all trades were reversed.

“There are still some users whose accounts were phished by these hackers and their BTC were used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the hackers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.”

The lesson should be learned by bitcoiners and nocoiners alike.
