Recap: Binance Attack
On March 7th, the second-largest cryptocurrency exchange by market cap, Binance, almost fell victim to large-scale attack. According to the company, the attack — which took place over just a two minute period — was part of a well-organized phishing and stealing attempt. Fortunately, when all was said and done, users funds were declared safe.
What happened? Hackers used account information obtained through several months of phishing and strategically placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top in an attempt to move the Bitcoin from the phished accounts to 31 accounts controlled by the hackers. Withdrawal requests were then attempted from these accounts immediately afterwards.
In a blog post, Binance described how it played-out as follows: “As withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.”
“Binance Hacker Bounty”
Today, in response to these attempted thefts, Binance issued a statement entitled “Binance Hacker Bounty.” In it, they explain that this most recent attack highlights the fact that the industry can’t simply play defence. The company explains how the hackers were well organized and patient: waiting for the most opportune moment to act and utilizing VIA, a coin with small liquidity, to maximize their gains.
Because of this, Binance is offering:
“A $250,000 USD equivalent bounty to anyone who supplies information that leads to the legal arrest of the hackers involved in the attempted hacking incident on Binance on March 7th, 2018.”
The company outlines how the process will work: a person who provides information leading to the arrest will receive their payout in BNB, Binance’s self-issued coin, and if it’s multiple people, the company will split the bounty at its digression amongst those involved.
And there’s more. Binance also states that it has allocated the equivalent of $10,000,000 USD in crypto reserves for future bounty awards against any illegal hacking attempts on the exchange. And even further, the company asks others in the industry to join them in this offensive move against future potential hacks, saying:
“We have also invited other exchanges and crypto businesses to join our initiative. We welcome their participation at any time.”
This call-to-arms come as other crypto companies across the globe are banding together to address the regulatory and safety issues that are impacting the industry. Let’s hope other exchanges will follow Binance’s lead, and take their own proactive steps to protect users from the ever-increasing challenges hackers and cyber-criminals bring to the crypto industry.