There were some interesting developments last week in the ongoing battle between crypto exchanges and the hackers targeting the large amounts of crypto those exchanges hold.
One of the leading exchanges, Binance, thwarted an attempt by hackers to withdraw funds from user accounts they had taken over through phishing.
How They Baited and Phished Users
A phishing attack is one in which the attackers try to obtain the credentials of unsuspecting users. They typically do this by sending an email that appears to come from the legitimate source and asks the user to click a link to the attackers' own site, which is made to look nearly identical to the site it impersonates; any credentials typed there go straight to the attackers.
In this case the hackers gained access to user accounts through a phishing campaign that ran from around the start of the year into mid-February, using a lookalike domain in which two of the letters carried a dot underneath (Unicode characters that render almost identically to the plain ASCII letters), as seen in the tweet below.
Don't get phished guys! See those two dots below "n"? Sometimes the site address gets underlined, so that you can't see the dots. Be very careful! #XVGFam #XVG #Vergefam #xvgwhale #crypto #VergeCoin #Vergecurrency #crypto #altcoins #btc #bitcoin $btc #cryptocurrencies pic.twitter.com/bKq2VrWR7W
— CryptoLion (@RealCryptoLion) February 23, 2018
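As an added illustration (not code from the original post, from the tweet's author, or from Binance), here is a small Python check for the lookalike-domain trick the tweet describes. It strips combining marks so that a hostname such as biṇaṇce.com collapses onto the ASCII name it imitates, compares that against the hostnames the user actually bookmarked, and shows the xn-- (punycode) form a resolver really looks up. The TRUSTED_HOSTS allow-list and the sample URLs are constructed for this example.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption for this example: the hostnames the user has actually bookmarked.
TRUSTED_HOSTS = {"binance.com", "www.binance.com"}


def skeleton(hostname: str) -> str:
    """Collapse a hostname onto the plain letters it is built from.

    NFD splits a precomposed letter such as U+1E47 (n with dot below) into a
    base letter plus a combining mark; dropping every nonspacing mark (Mn)
    leaves the ASCII name the lookalike is trying to pass for.
    """
    decomposed = unicodedata.normalize("NFD", hostname)
    return "".join(c for c in decomposed if unicodedata.category(c) != "Mn").lower()


def ace_form(hostname: str) -> str:
    """The ASCII-compatible (xn--) form a resolver actually looks up."""
    return hostname.encode("idna").decode("ascii")


def classify(url: str) -> dict:
    """Return the hostname, its xn-- form and a verdict for the URL."""
    host = urlsplit(url).hostname or ""
    if host in TRUSTED_HOSTS:
        verdict = "trusted"
    elif skeleton(host) in TRUSTED_HOSTS:
        # Same letters once the dots are removed: a lookalike of a bookmarked site.
        verdict = "lookalike"
    else:
        verdict = "unknown"
    return {"host": host, "ace": ace_form(host), "verdict": verdict}


# Constructed sample URLs for the example. The second uses the precomposed
# letter U+1E47; the third builds the same glyph from n + U+0323 (combining
# dot below). Both render as "binance" with two faint dots under the n's.
SAMPLES = [
    "https://www.binance.com/login",
    "https://www.bi\u1e47a\u1e47ce.com/login",
    "https://www.bin\u0323an\u0323ce.com/login",
    "https://example.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        r = classify(url)
        print(f"{r['verdict']:9} {r['host']}  ->  {r['ace']}")
```

The xn-- form is the useful thing to surface to a user: an underline can hide two dots, but it cannot hide a label that starts with xn--, which is why browsers fall back to displaying punycode for suspicious mixed-script names. The bookmark comparison is the practical user-side check the takeaways below recommend.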
How They Tried to Use Their Catch
These hackers were patient: even though they controlled numerous accounts, they bided their time, and not until several weeks later, on March 7, did they make their move:
- First they used the phished accounts to place a large number of market buy orders for the altcoin VIA, driving up its price.
- They then used 31 accounts of their own, which already held VIA, to sell at the top of the market. Because VIA is thinly traded, the wave of buys moved the price sharply and let the 31 accounts sell at a large profit.
- Finally, once those trades had executed, they attempted to withdraw the proceeds (in Bitcoin).
How Binance Caught the Phishermen
But Binance's automated risk management system flagged these withdrawals, and they were not executed. The whole sequence played out within the span of two minutes, and the response also briefly halted legitimate withdrawals during that period.
Although the halt initially led to speculation of more serious problems, Binance CEO Changpeng Zhao (CZ) took to Twitter to clarify the situation:
Binance has reversed all irregular trades. All deposit, trading and withdrawal are resumed. Will write a more detailed account of what happened shortly. Interestingly, the hackers lost coins during this attempt. We will donate this to Binance Charity.
— CZ (not giving crypto away) (@cz_binance) March 7, 2018
What Binance Did After the Attack
In the end the exchange kept its users' funds safe. But the steps Binance took after the attack are perhaps the more telling part of the story.
- First, since Binance had identified the hackers' 31 accounts, it froze all the assets in them and, as Zhao's tweet states, will donate those funds to Binance Charity.
- Next, Binance offered a bounty of $250,000 USD worth of BNB (Binance's own token, used to pay trading fees on the exchange) to anyone providing evidence that leads to the arrest of the hackers.
- Finally, it set aside a further $10 million USD in crypto reserves for future bounties on attacks against the exchange.
Interesting Takeaways From This Story
Exchanges are becoming more secure – Exchanges have been a prime target because these 'honey pots' hold the private keys to their users' funds, so a single breach can yield an enormous sum. But it appears that more and more exchanges are putting controls in place to identify suspicious activity and stop it as it happens.
Beware of phishing – Users need to be very careful about the links and attachments they click in email, even when the message appears to come from a legitimate source. That is true in general, but it matters even more for anything related to cryptocurrency, since credentials alone can give access to significant financial assets. Users should reach the sites they use through bookmarks rather than emailed links, check the address bar for characters that do not belong in the expected domain name (such as the dotted letters in the tweet above), and always enable additional security measures such as 2-factor authentication when available.
Exchanges fighting back against hackers – Binance is trying to lead exchanges in fighting back. It wants not only to protect its users' assets but also to penalize the perpetrators, by freezing their accounts and offering rewards for information that leads to their arrest.
Although prominent exchange hacks have eventually led to arrests in the past, as with the infamous Mt. Gox hack, tracking down the perpetrators is slow and laborious. By offering financial incentives to crypto sleuths, Binance is putting hackers on notice that there are few places left to hide.