Changpeng Zhao, the CEO of Binance, assured its customers via posting a message on Twitter that that all its funds are “safe” after thieves attempted to steal the largest trading platform in the world. According to Binance, its team of cyber security experts stepped in when it spotted dubious trading activity. Binance released a statement informing its customers that withdrawals were temporarily suspended and that the matter is being investigated. The company also highlighted that “no evidence” exists that the exchange was in any way compromised.
The Financial Times later reported that the would-be theft was “large-scale” and was conducted by “well-organized” online criminals. Prior to the actual heist, the thieves launched in Januaryr a phishing scheme that aimed to lure traders into giving their log-in credentials to fake sites. Once the hackers gained access to the passwords of users, it enabled them to produce API keys or passcodes that allowed its holder to create a software that would communicate with the Binance trading platform.
Hackers registered an identical domain name to binance.com spelled using Unicode characters that are akin to Latin – bịnạnce.com domain. The small dot underneath the letter “i” and “a” is a give-away of the site’s fakery. The Binance team has evidence that showed operations reaching its pinnacle on February 22. The thieves waited for the opportune time prior to utilizing their API keys to order a large bulk of viacoins thereby sending the digital currency’s cost to sky rocket from $2.80 to $6.79 in less than an hour.
The tremendous price increase signalled to the thieves that it is time to sell their holdings in return for bitcoin via 31 pre-loaded accounts. Withdrawal requests were quickly sent out by the hackers to Binance. Thanks to the “automatic risk management system” of Binance, the moderators of the trading platform blocked these transactions. According to Binance, “None of the withdrawals successfully went out. Additionally, the viacoins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.”