
Major cryptocurrency including Bitcoin, Ethereum and Litecoin have all plummeted nearly 10% in the past 24 hours, after facts surfaced bout a major hack in the world’s second largest cryptocurrency exchange Binance.
A hacker or a group of hackers compromised the trading bot used by the majority of people on Binance, and engineered a scheme that appeared to pump up the price of a no-name virtual coin Viacoin (VIA) and therefore caused widespread market panic that led to significant price declines for major cryptocurrencies. Bitcoin dropped 9.26% to US$9,860 in the past 24 hours.
While the purpose of the hacker(s) was unclear, one popular theory is that it was to benefit investors with short positions on Bitcoin and other major cryptocurrencies, or those people betting that the prices would decline.
After the compromise was quickly detected, withdrawals and trading on Binance was halted, which means the hacker(s) would not be able to take assets out from the exchange. But the scare has caused major price declines, and that in turn could create real returns for investors shorting crytocurrencies.
Zhao Changpeng, CEO of Binance, said on Twitter that the exchange had experienced irregularities in trading activity and some accounts may have been compromised by phishing. Binance, the second largest cryptocurrency exchange in the world after OKEx in terms of trading volume, emphasizes that all funds are safe at this point for its users.
The hacker(s) led the prices of VIA rise almost 100 times in a few minutes using the compromised Binance accounts and then dumped VIA to cause prices to drop down again. All the accounts suffering from this fate were those using a trading bot API.
Trading bots or algorithmic trading are a technique that uses pre-programmed software that monitors the market and execute trades automatically. These bots have long been working on crypto-exchange markets, with some of them mainly designed to pump an alternative coin or token.
Update on March 8, 2018, Binance published the following statement regarding the hack:
Summary of the Phishing and Attempted Stealing Incident on Binance
Fellow Binancians,
On Mar 7, UTC 14:58-14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately.
This was part of a large scale phishing and stealing attempt.
So far: All funds are safe and no funds have been stolen.
The hackers accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters. Many users fell for these traps and phishing attempts. After acquiring these user accounts, the hacker then simply created a trading API key for each account but took no further actions, until yesterday.
Yesterday, within the aforementioned 2 minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.
However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.
The hackers were well organized. They were patient enough to not take any immediate action, and waited for the most opportune moment to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.
After a thorough security check by Binance, we resumed withdrawals. Trading functionality was never affected. There are still some users whose accounts where phished by these hackers and their BTC were used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the hackers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.
Protecting our traders is and has always been our highest priority.
Thanks for your support!
Binance Team
2018/03/08