Yesterday morning, the largest cryptocurrency trading platform in transaction volume,Binance, was hacked by a third-party software. That had the consequence to allow unauthorized withdrawals made from user accounts.
Binance‘s CEO, Chanpeng Zhao mentioned that everything is operating correctly since the minor threat and all the platform’s users funds are secure.
Many users concerned with the threat complained on Reddit and Twitter mentionning that some of their altcoins had been exchanged for bitcoins without their permission, and some of them weren’t even logged in.
Julian_007 stated,
“Same happened to me. I had 100% USDT worth $1548. Today I logged in so I can buy some xrp, but my account balance is $200 out of $1548, and apparently I bought 5 VIA coins and exchanged my USDT to BTC while I was in the gym?”
According to different posts on Reddit, their bitcoin served to buy Via coins for 0.025 bitcoin each. To avoid, the fraudsters withdrew their funds in small amounts.
Profetu, a Reddit user mentioned that Binance froze withdrawals one hour after the first complaints they received.
“The hacker accumulated VIA in advance (from Binance or other exchange and sent to Binance) then he set a huge sell order at 0.025BTC. Then using API made some account sell alts and buy VIA with that BTC, [and then withdrew] BTC,” wrote the same user.
According to Cointelegraph,
“Some traders proposed a theory linking the attack with compromised API keys which users requested from Binance to use within applications like trading bots and chart monitoring services.”
Bonnie_channel wrote,
“Do you use any trading bots like profittrailer or gunbot? Do you have any API opened for any kind of services?”
That could be an explanation to how the attackers skipped the two-factor authentication applied by users. However, it is still uncertain why users were attacked, since they never requested API keys.
Shashankkgg, a Reddit users stated,“That is what I am wondering! I never gave permission for this API key to be created. That is why I think it’s an issue on [Binance’s] end.”
In a Twitter post, Binance‘s CEO explained briefly what happened during yesterday morning’s issue.
— CZ (not giving crypto away) (@cz_binance) March 7, 2018
A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real website after login. Additionally, after you log in once, it doesn't let you access the phishing site again - will auto-redirect you to Binance (even after logging out) pic.twitter.com/WOKhKrp7tx