Binance Thwarts ‘Large Scale’ Theft Attempt That Sees Hackers Lose Their Funds

Francisco Memoria
  • Hackers attempted to manipulate the market by creating Viacoin buy orders with phished accounts
  • Using their own accounts, they then sold Viacoin at a large premium on the VIA/BTC trading pair and attempted to withdraw bitcoin
  • The activity triggered Binance's security systems, which halted withdrawals and prevented the hackers from cashing out

Binance, one of the world’s largest cryptocurrency exchanges, recently saw users complain that their altcoin balances were being liquidated for bitcoin, which was then used to buy a little-known cryptocurrency named Viacoin. According to the exchange, it was all part of a sophisticated theft attempt that Binance managed to thwart.

Per the exchange’s investigation, a group of “well organized” hackers attempted to manipulate the market and steal users’ funds. Their plot began with a ‘phishing’ scheme in early January, in which they purchased domain names resembling Binance.com and created copies of the exchange’s interface to trick users into entering their credentials.

Once they acquired people’s login credentials, the hackers created API keys for each account they controlled. These keys are used to trade with bots, and as such only allow those who control them to trade, not withdraw.

After the keys were created, the hackers went silent waiting “for the most opportune moment to act.” Yesterday, the hackers decided it was time to make their move, and started using people’s API keys to place a “large number” of Viacoin buy orders. The move saw the cryptocurrency’s price surge by as much as 1,100 percent in about a minute.

On their own accounts, the hackers then sold Viacoin for bitcoin at high prices. Their orders were matched because of the orders placed on the accounts they phished. Per Binance, as soon as these trades were completed, withdrawal requests were “immediately” attempted.

However, the unusual trading activity triggered Binance’s “automatic risk management system.” The system, as Binance’s summary reads, halted withdrawals:

“However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.”

Binance
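A minimal sketch of the kind of control described above, added here as an illustration and not Binance's actual risk management system: a circuit breaker that halts withdrawals when a pair's price jumps sharply within a short window and marks the accounts that sold into the spike. The window, ratio threshold, account names and trade values are all assumptions constructed for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Trade:
    ts: float      # seconds since the start of the sample
    pair: str
    price: float
    buyer: str     # account whose buy order was filled
    seller: str    # account that received the proceeds


class WithdrawalBreaker:
    def __init__(self, window_s=60.0, max_ratio=3.0):  # assumed thresholds
        self.window_s = window_s
        self.max_ratio = max_ratio
        self.recent = {}      # pair -> deque of (ts, price) inside the window
        self.halted = False   # exchange-wide withdrawal halt
        self.review = set()   # accounts paid at abnormal prices

    def on_trade(self, t):
        q = self.recent.setdefault(t.pair, deque())
        while q and q[0][0] < t.ts - self.window_s:
            q.popleft()       # drop trades older than the window
        baseline = min((p for _, p in q), default=t.price)
        q.append((t.ts, t.price))
        if t.price >= baseline * self.max_ratio:
            self.halted = True
            self.review.add(t.seller)  # proceeds side of the abnormal fill
        return self.halted

    def allow_withdrawal(self, account):
        return not self.halted and account not in self.review


# Constructed sample: a quiet VIA/BTC market, then a spike inside one minute.
SAMPLE = [
    Trade(0, "VIA/BTC", 0.00022, "user-a", "user-b"),
    Trade(300, "VIA/BTC", 0.00023, "user-c", "user-d"),
    Trade(310, "VIA/BTC", 0.00090, "victim-1", "acct-x"),
    Trade(320, "VIA/BTC", 0.00250, "victim-2", "acct-x"),
]


def replay(trades):
    breaker = WithdrawalBreaker()
    states = [breaker.on_trade(t) for t in trades]
    return breaker, states
```

Because API keys of the kind described can trade but not withdraw, the withdrawal request is the one step where the value has to leave through an account the attacker controls, which is why the halt is placed there.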

The cryptocurrency exchange successfully kept users’ funds safe, and in fact kept the funds the hackers initially used to make their orders. Binance has since revealed that it will reverse most transactions to undo the damage. Some transactions won’t be reversible, however, as the hackers’ accounts were not the counterparty, meaning they were just made to boost Viacoin’s price.

Interestingly, the company’s CEO, Changpeng Zhao, revealed that the coins withheld from hackers will be donated to Binance Charity.

New Report Highlights Large Variance Between Crypto Exchange Standards

Colin Muller
  • Only 32% of top exchanges have strong cold wallet storage
  • Majority of volume from small-state-registered exchanges

Standards of security, cold wallet storage, and know-your-customer (KYC) implementation are subject to a wide variance across centralized cryptoasset exchanges, a new report from data provider CryptoCompare has concluded. CryptoCompare surveyed the top 100 exchanges by trading volume, in order to glean broad trends among exchanges.

Cold Wallets

A key finding of the report is the low overall prevalence of cold wallet usage - cold wallets being disconnected from the Internet when their funds are not being actively traded. Only 32% of the top 100 exchanges claim to store the vast majority of users’ funds - at least 90% - in cold wallets, with a further twelve percent claiming to store a majority - at least 50% - in cold wallets, and nine percent claiming less than 50%.

An alarming 47% of the top exchanges do not detail their storage conventions, according to CryptoCompare. Since the usage of cold storage wallets is a major selling point for users trading on a centralized exchange, which no exchange should hesitate to advertise, it is not unreasonable to fear the worst for these 47% - half of the top 100 - not reporting any cold wallet usage.

The report revealed little correlation between exchanges’ cold wallet usage and the jurisdiction of their legal registrations.

For example, the six exchanges with the highest reported percentage of cold wallet storage, itBit, Coinroom, Coinfloor, Bitfinex, Huobi Pro, and Coinbase, were registered in the U.S., Poland, the U.K., the British Virgin Islands, the Seychelles islands, and again the U.S., respectively. Almost none of the exchanges listed as having high cold wallet usage, with the exception of Bitfinex, were among the highest trading volume exchanges.

A helpful cross-reference for this observation is the New York Office of the Attorney General’s (OAG) recent audit of cryptoasset exchanges, which found only a small variance of cold-wallet standards among eight U.S.-registered exchanges that it surveyed, namely a high standard with “most participating platforms purport[ing] to keep a high percentage of the virtual currency in their possession in so-called ‘cold storage.’” These figures could perhaps suggest a somewhat higher standard of storage for U.S.-based exchanges.

Underlining the importance of cold wallets, eleven percent of top 100 exchanges have been hacked in the past. CryptoCompare reported that nearly 75% of exchanges require at least some KYC information from customers, while fully a quarter require no KYC.

Trade volumes

With respect to trading volume, CryptoCompare found that an inordinate amount of the trading volume goes through Malta-, Hong Kong- and South Korea-registered exchanges - in the case of Hong Kong, not even a completely sovereign nation but a “Special Administrative Region” of China. By far the most trading volume comes from Binance and OKEx, both registered in the small Mediterranean island nation of Malta, a member of the European Union and within the Schengen border zone.

The jurisdictions hosting the highest number of exchanges, the U.S. and U.K. both registering eight, see strikingly minimal amounts of trading volume pass through their borders. CryptoCompare calculated $366 and $137 million cumulative average daily trading volume, on all the exchanges in their respective countries - a total of $503 million on sixteen exchanges - versus $1.38 billion daily on just two Malta-registered exchanges.

The OAG report is again helpful in this case, as the single largest exchange examined by CryptoCompare, Malta-based Binance, declined the New York law enforcement office’s request to furnish information regarding its practices and standards. Two out of four of the highest-volume jurisdictions are small island nations with liberal cryptoasset regulations, and one is the city-state Hong Kong.

A clear preference for fast-moving, liberal, and “creative” regulatory regimes is evident for the high-volume exchanges. Given, as the OAG has noted, exchanges’ propensities to “[move] their operations with little or no warning,” a competitive atmosphere could be fostered among jurisdictions to offer the most flexible and accommodating regulatory regimes to cryptoasset exchanges searching for their next home.