On March 7th, Hong Kong-based cryptocurrency exchange, Binance, was faced with a large-scale hacking attempt which eventually turned out to be unsuccessful. According to the company, the attack, which took place over a period of just two minutes, was part of a well-organized phishing and stealing attempt. However, after the dust had settled, Binance released a statement claiming that all user funds were safe.
Following hours of speculation that the cryptocurrency exchange had been hacked, Binance CEO Changpeng Zhao tweeted that all user funds are safe and intact, while irregular trades have been identified, and will be reversed. In another update, he announced that all irregular trades have been reversed, saying the hackers actually lost some funds as a result.
What Actually happened?
Hackers used account information obtained through several months of phishing and strategically placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top in an attempt to move the Bitcoin from the phished accounts to 31 accounts controlled by the hackers. Withdrawal requests were then attempted from these accounts immediately afterward.
According to Binance, the hackers didn’t get away with it, and in fact, they lost money on the deal after withdrawals were stopped and the fraudulent trades reversed. In a blog post, Binance described how it played-out as follows:
“As withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.”
Biance Announces Hacker Bounty:
In the wake of this, Binance, the world’s second-largest cryptocurrency exchange, is now offering a $250,000 USD reward for details leading to the arrest of the hacker(s) behind the attack.
“A $250,000 USD equivalent bounty to anyone who supplies information that leads to the legal arrest of the hackers involved in the attempted hacking incident on Binance on March 7th, 2018.”
A total of $10 million has been allocated for future bounty awards against any illegal hacking attempts on the exchange, with $250,000 offered for information leading to the prosecution of perpetrators.