Industry News

Know who hacked the Binance cryptocurrency exchange? Earn $250,000

Binance, one of the world’s biggest cryptocurrency exchanges by trading volume, has offered a reward equivalent to $250,000 to anyone providing information that leads to the arrest of hackers who attacked the platform last week.

For two minutes on March 7th, the Binance platform saw abnormal trading activity, which caused automatic protection systems to trigger, blocking any withdrawals.

The exchange explained that it had seen sophisticated phishing attacks targeting its users since early January, and around February 22nd there was a sharp uptake in phishing emails pointing to similar-looking domains but using unicode characters (under the “i” and the “a” of “binance.com”

Reports suggest that many of the compromised accounts did have two-factor authentication (2FA) enabled for a higher level of protection. Unfortunately for them, their 2FA codes were valid for 30 seconds or so, meaning that once the code had been given to the phishing site the attackers could generate an API key and use it to access the real site.

All very sneaky. But whoever seized control of the accounts appears to have bided their time, choosing not stealing cryptocurrency immediately but instead creating a trading API key for each hacked account.

On March 7th the hackers were ready to try to turn their hack into hard cash, placing “a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top.”

The bad news for the hackers was that Binance’s automated systems quickly blocked all withdrawals, including attempts by the phishers themselves to make off with their intended fortune.

As Binance describes, “not only did the phishers fail to steal any coins, their own coins have also been withheld.”

Binance says that its prompt action meant that the hack was unsuccessful, but nonetheless it was an organised attack and one that it wishes to see result in the arrest of whoever was responsible.

To that end Binance is offering a $250,000 equivalent bounty “to anyone who supplies information that leads to the legal arrest of the hackers involved in the attempted hacking incident on Binance on March 7th, 2018.”

Those with information are asked to share it with their local law enforcement agencies, as well as bounty@binance.com.

In addition, Binance says it has allocated the equivalent of ten million dollars for future awards against illegal hacking attacks against its systems.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

Click here to post a comment

  • Ha, nice try, the tricky part is proving you didn't know the hacker or are the hacker. Rewards like these always have a catch and its never that easy to get a "reward." Even if you're purely innocent, it'll be like pulling teeth to justify your reasoning.