A cryptocurrency exchange says a large-scale phishing campaign was behind abnormal trading activity that affected some of its users.
The trouble started on 7 March when some Binance users posted to Reddit about problems involving their accounts’ alternative coin amounts. Here’s what one person said:
Binance just sold all my alts at market rate and I have got just the Bitcoin now. Is it because of account getting hacked or binance bot issue? Have raised a ticket 715903 for this.
A few of those experiencing problems revealed that a suspicious trading API appeared on their account at around the same time they noticed the strange market goings-on. Many of them also had two-factor authentication (2FA) enabled, leading them to wonder if Binance was suffering from some type of vulnerability.
Within an hour of the first user posting their complaint, the cryptocurrency exchange acknowledged the issues in a Reddit update and revealed it had disabled withdrawals while it looked into them.
This investigation led Binance to conclude that a “large scale phishing and stealing attempt” had laid the groundwork for the abnormal trading activity.
According to a statement published by the cryptocurrency exchange, hackers spent weeks accumulating users’ login credentials with phishing attacks that led to Unicode-based lookalike domains. They then abused those credentials to create API keys for each compromised account and waited until 7 March.
A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real website after login. Additionally, after you log in once, it doesn’t let you access the phishing site again – will auto-redirect you to Binance (even after logging out) pic.twitter.com/WOKhKrp7tx
— CZ (not giving crypto away) (@cz_binance) March 7, 2018
Binance explains what happened next:
Yesterday, within the aforementioned 2 minute period, the (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/latest-security-news/cryptocurrency-exchange-says-phishing-campaign-behind-abnormal-trading-activity/