Binance, one of the world’s biggest cryptocurrency exchanges by trading volume, has offered a reward equivalent to $250,000 to anyone providing information that leads to the arrest of hackers who attacked the platform last week.
For two minutes on March 7th, the Binance platform saw abnormal trading activity, which caused automatic protection systems to trigger, blocking any withdrawals.
The exchange explained that it had seen sophisticated phishing attacks targeting its users since early January, and around February 22nd there was a sharp uptake in phishing emails pointing to similar-looking domains but using unicode characters (under the “i” and the “a” of “binance.com”
Reports suggest that many of the compromised accounts did have two-factor authentication (2FA) enabled for a higher level of protection. Unfortunately for them, their 2FA codes were valid for 30 seconds or so, meaning that once the code had been given to the phishing site the attackers could generate an API key and use it to access the real site.
All very sneaky. But whoever seized control of the accounts appears to have bided their time, choosing not stealing cryptocurrency immediately but instead creating a trading API key for each hacked account.
On March 7th the hackers were ready to try to turn their hack into hard cash, placing “a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top.”
The bad news for the hackers was that Binance’s automated systems quickly blocked all withdrawals, including attempts by the phishers themselves to make off with their intended fortune.
As Binance describes, “not only did the phishers fail to steal any coins, their own coins have also been withheld.”
Binance says that its prompt action meant that the hack was unsuccessful, but nonetheless it was an organised attack and one that it wishes to see result in the arrest of whoever was responsible.
To that end Binance is offering a $250,000 equivalent bounty “to anyone who supplies information that leads to the legal arrest of the hackers involved in the attempted hacking incident on Binance on March 7th, 2018.”
Those with information are asked to share it with their local law enforcement agencies, as well as firstname.lastname@example.org.
In addition, Binance says it has allocated the equivalent of ten million dollars for future awards against illegal hacking attacks against its systems.