BitLeek Notices

Summary of the Phishing and Attempted Stealing Incident on Binance / Binance部分用户账号异常事件始末


  • administrators

    Fellow Binancians,
    On Mar 7, UTC 14:58-14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately.
    This was part of a large scale phishing and stealing attempt.  
    So far: All funds are safe and no funds have been stolen.
    The hackers accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters. Many users fell for these traps and phishing attempts. After acquiring these user accounts, the hacker then simply created a trading API key for each account but took no further actions, until yesterday.
    Yesterday, within the aforementioned 2 minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.
    However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.
    The hackers were well organized. They were patient enough to not take any immediate action, and waited for the most opportune moment to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.
    After a thorough security check by Binance, we resumed withdrawals. Trading functionality was never affected. There are still some users whose accounts where phished by these hackers and their BTC were used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the hackers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.
    Protecting our traders is and has always been our highest priority.
    Thanks for your support!
    Binance Team
    2018/03/08
     
    Find us on
    Telegram: https://t.me/binanceexchange
    Twitter: https://twitter.com/binance_2017

    https://support.binance.com/hc/en-us/articles/360001547431-Summary-of-the-Phishing-and-Attempted-Stealing-Incident-on-Binance

    亲爱的用户:
    在香港时间2018年03月07日22:58-22:59两分钟内,VIA/BTC交易对异动,触发风控,自动停止了提币。这是一次大规模通过钓鱼获取用户账号并试图盗币事件。
    目前:所有资金安全,无任何资金逃离。
    黑客在长时间里,利用第三方钓鱼网站偷盗用户的账号登录信息。最早被钓鱼的账号可追逆到一月初,但大多数账号是在2月22日左右,用unicode的Binance域名(Binance底部有两个点)钓鱼。黑客获得账号后,自动创建交易API,之后便无动作,直至昨日。
    昨日,在两分钟内,黑客通过盗取的API Key,在VIA/BTC交易市场,程序化下市价买单,和31个预先充值VIA币的账号高价卖VIA。目的为把BTC输入到31个预先准备的账号,然后迅速想将这31个账号里的BTC提走。但因异常交易触发了自动风控,导致提币暂停,这些币并未被提出。反而,这31个账号预先存入的VIA币也被冻结。黑客非但没有提走币,反而自己的币被扣留。
    这次事件中的黑客有组织有纪律,在成功钓鱼用户的账号信息后,并不急于获利,而是耐心等到最佳时机,选择了流动性较低的VIA币,来最大化自己的获利。
    Binance经过严格安全审核后,现已恢复提现。交易从未停过。仍有部分用户因自己的账号被钓鱼者偷盗,并已把BTC买成VIA或其它币,但由于这些交易对手方不是黑客账号,Binance无法回滚交易。在此再次提醒用户注意保护自己的账户安全。
    Binance永远以保护用户的利益为主。我们感谢您对我们的支持!
     
    感谢您对Binance的支持!
     
    Binance团队
    2018年03月08日
     
    Binance社群
    Telegram: https://t.me/BinanceChinese
    Twitter: https://twitter.com/binance_2017

    https://support.binance.com/hc/zh-cn/articles/360001547431-Summary-of-the-Phishing-and-Attempted-Stealing-Incident-on-Binance


Log in to reply
 

Looks like your connection to space.bitleek.com was lost, please wait while we try to reconnect.