Earlier this week, reports suggested that Binance, one of the largest cryptocurrency exchanges, was hacked as several users reported seeing their Bitcoin holdings turning into an altcoin named Viacoin (VIA). Binance confirmed that no money was lost. Now it appears that this is potentially the first time that it was the criminals - not the users or the exchange - who lost their money.
"All funds are safe," Binance CEO Changpeng Zhao assured customers on Twitter. "There were irregularities in trading activity, automatic alarms triggered. Some accounts may have been compromised by phishing from before. We are still investigating. All funds are safe."
Phishing campaign that had been going on since January
The company's cybersecurity team apparently intervened in time, suspending all withdrawals and costing the hackers some money. Binance said the hackers ran a well-planned phishing campaign that appears to have been carried out by "well organized" cybercriminals.
The campaign started back in January and duped Binance users into handing over their login credentials through a phony website with an identical-looking URL, bịnạnce.com. Notice the little dots, which are nothing but gems for criminals behind phishing campaigns.
The company managed to track this campaign because the phishing website immediately redirected users to the legitimate Binance login page to avoid suspicion. This left a trail in the referral logs that was detected by the firm. Binance said that the campaign was at its peak around February 22.
Instead of using those credentials to drain user accounts, the hackers had another plan. Using the passwords, they were able to generate "trading API keys" for each account, which enabled them to build software that could interact with the Binance exchange. Waiting for the right time, they started their operation on Wednesday morning, ordering Viacoin in bulk and shooting its price to 143% in 30 minutes.
After acquiring these user accounts, the hackers simply created a trading API key for each account but took no further action until Wednesday.
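The referral-log trail described above can be checked for mechanically. The following is an added example, not Binance's tooling: it flags Referer hosts that render like the real domain once diacritics are stripped. The log format (Apache combined), the `/login.html` path, the IP addresses and the timestamps are constructed assumptions.

```python
import unicodedata
from collections import Counter
from urllib.parse import urlsplit

LEGIT = "binance.com"                           # domain being protected (from the article)
FAKE = "b\u1ecbn\u1ea1nce.com"                  # the dotted look-alike quoted in the article
FAKE_ACE = FAKE.encode("idna").decode("ascii")  # its xn-- form, as logs often record it

def skeleton(host):
    """Decode xn-- labels, then strip combining marks such as the dot below."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: compare the label as written
        labels.append(label)
    decomposed = unicodedata.normalize("NFKD", ".".join(labels))
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def is_lookalike(host):
    """True if host renders like LEGIT (or a subdomain of it) but is another name."""
    plain, skel = host.lower().rstrip("."), skeleton(host)
    return skel != plain and (skel == LEGIT or skel.endswith("." + LEGIT))

def suspicious_referrers(log_lines):
    """Count look-alike Referer hosts in combined-log-format lines."""
    hits = Counter()
    for line in log_lines:
        fields = line.split('"')  # prefix, request, status/size, referer, gap, agent
        if len(fields) < 4:
            continue
        host = urlsplit(fields[3]).hostname  # None for "-" or an empty Referer
        if host and is_lookalike(host):
            hits[host] += 1
    return hits

# Constructed sample lines: documentation IP ranges, invented timestamps and path.
SAMPLE = [
    f'203.0.113.7 - - [22/Feb/2018:09:14:02 +0000] "GET /login.html HTTP/1.1" 200 5120 "https://{FAKE}/" "Mozilla/5.0"',
    f'203.0.113.9 - - [22/Feb/2018:09:15:40 +0000] "GET /login.html HTTP/1.1" 200 5120 "https://{FAKE}/login" "Mozilla/5.0"',
    f'198.51.100.4 - - [22/Feb/2018:09:16:11 +0000] "GET /login.html HTTP/1.1" 200 5120 "https://{FAKE_ACE}/" "Mozilla/5.0"',
    '198.51.100.8 - - [22/Feb/2018:09:17:30 +0000] "GET /login.html HTTP/1.1" 200 5120 "https://www.binance.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Feb/2018:09:18:05 +0000] "GET /login.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, count in suspicious_referrers(SAMPLE).items():
        print(count, host, "->", skeleton(host))
```

Stripping combining marks only catches diacritic look-alikes like the one in this campaign; homoglyphs from other scripts (for example Cyrillic letters) need a confusables table instead.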
With the API keys, they automated transactions on Binance that sold users' Bitcoin and automatically bought Viacoin from 31 other Binance accounts that were used by criminals to hold the previously bought coins.
The exchange had an internal risk management system that detected this sudden rush in sale orders that happened in less than 2 minutes and blocked all transactions on the platform.
When the criminals tried to cash out these 31 Binance accounts, they couldn't. Binance identified these accounts and reversed all transactions, also confiscating the original Viacoin funds that the criminals had deposited in their accounts.
Binance has reversed all irregular trades. All deposit, trading and withdrawal are resumed. will write a more detailed account of what happened shortly. Interestingly, the hackers lost coins during this attempt. We will donate this to Binance Charity.
— CZ (not giving crypto away) (@cz_binance) March 7, 2018
It remains unclear how much the hackers lost, but an industry that has been dealing with a few too many hacks and thefts is, for a change, happy to hear about an incident that made hackers lose their money.