Popular multi-token exchange Binance froze all trades yesterday, in response to irregular activity from several accounts. Specifically, a large number of accounts simultaneously dumped their altcoins for BTC, and from there, started buying up Viacoin on the exchange, skyrocketing the price of the little-known altcoin. Here’s our take on what really happened.
Subscribe to the Bitsonline YouTube channel for more great interviews featuring industry insiders & experts
The immediate response from Binance’s user base was to suspect a hack. Some even attributed yesterday’s BTC price plunge to yet more lax security on crypto trading platforms.
However, apart from a few terse tweets from company CEO Changpeng Zhao, users were left guessing as to what was happening. Some accused the exchange of malicious bot trading, and others spread their own theories in the vacuum of uncertainty left by Binance’s freeze.
Binance Update: There was no hack! A trading bot that some were using to trade automatically maliciously traded all alts into BTC and then bought VIA. If you weren't using the BOT you are not affected.
— Ran NeuNer (@cryptomanran) March 7, 2018
Even the lead developer of Viacoin commented on the issue, placing the blame with less savvy Tron bagholders:
… All those people with hacked binance accounts had Tron.
They all got phished & didn't thought it was weird to be redirected instead of getting logged in.
Most of them are from non western countries. (yes, West is the best)
— [ Romano ] (@RNR_0) March 8, 2018
Today, Binance put out an official release detailing what actually happened that led to several accounts’ sudden love for Romano’s crypto project. The details, while less fanciful than some of the speculation leading up to disclosure, are equally concerning:
In summary, hackers ran a two-month phishing campaign, using a technique called homograph replacement, wherein an attacker uses a visually similar character (often from a non-English language) to register a domain that looks identical to the real one, but in reality has one or more letters replaced with false characters.
In this case, the attackers used bịnạnce.com instead of the correct binance.com — note the accents on the vowels in the fake domain. Didn’t see them at first? That’s why it’s a problem.
The fake link was then distributed on social media and messaging apps, in an attempt to trick users into clicking them, giving the hackers a window to steal their credentials.
The actual attack was well coordinated, with the affected users being forced to empty their balances into Viacoin, which they were buying from the hackers at a premium. This all happened in a span of 2 minutes. Binance even commented on the level of orchestration involved in their incident report:
“The hackers were well organized. They were patient enough to not take any immediate action, and waited for the most opportune moment to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.”
Luckily though, Binance was able to freeze withdrawals before the attackers could cash out their earnings, and reversed the malicious trades.
This marks one of the first occasions where would be hackers may have lost money on an exchange attack. The phishing campaign and previous buy-up of Viacoin wasn’t free, and without an ROI, the BTC presumably sunk into their illegal venture is gone for good.
Does this sound like a plausible account of what happened at Binance? Share your thoughts below if you have them.
Images via Pixabay