Binance Thwarts ‘Large Scale’ Theft Attempt That Sees Hackers Lose Their Funds

Francisco Memoria
  • Hackers attempted to manipulate the market by creating Viacoin buy orders with phished accounts
  • Using their accounts, they then sold Viacoin at a large premium on the VIA/BTC trading pair and attempted to withdraw bitcoin.
  • The activity triggered Binance's security systems, which halted withdrawals and prevented the hackers from cashing out

Binance, one of the world’s largest cryptocurrency exchanges, recently saw users complain their altcoin balances were being liquidated for bitcoin, and then used to buy a little-known cryptocurrency named Viacoin. According to the exchange, it was all part of a sophisticated theft attempt, that Binance managed to thwart.

Per the exchange’s investigation, a group of “well organized” hackers attempted to manipulate the market and steal user’s funds. Their plot saw them initially launch a ‘phishing’ scheme in early January, in which they purchased domain names resembling Binance.com. They created copies of the exchange’s interface, to trick users into entering their credentials.

Once they acquired people’s login credentials, the hackers created API keys for each account they controlled. These keys are used to trade with bots, and as such only allow those who control them to trade, not withdraw.

After the keys were created, the hackers went silent waiting “for the most opportune moment to act.” Yesterday, the hackers decided it was time to make their move, and started using people’s API keys to place a “large number” of Viacoin buy orders. The move saw the cryptocurrency’s price surge by as much as 1,100 percent in about a minute.

VIA pump.png

On their own accounts, the hackers then sold Viacoin for bitcoin at high prices. Their orders were matched because of the orders placed on the accounts they phished. Per Binance, as soon as these trades were completed, withdrawal requests were “immediately” attempted.

However, the unusual trading activity triggered Binance’s “automatic risk management system.” The system, as Binance’s summary reads, halted withdrawals:

“However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also been withheld.”

Binance

The cryptocurrency exchange successfully kept user’s funds safe, and in fact kept the funds the hackers initially used to make their orders. Binance has since revealed that it will reverse most transactions to undo the damage. Some transactions won’t be reversible, however, as the hackers’ accounts were not the counterparty, meaning they were just made to boost Viacoin’s price.

Interestingly, the company’s CEO, Changpeng Zhao, revealed that the coins withheld from hackers will be donated to Binance Charity.

Weekly Newsletter

Circle’s Crypto Exchange Poloniex Lists QTUM

Siamak Masnavi

On Thursday (6 September 2018), Goldman-backed FinTech startup Circle announced that its Poloniex crypto exchange had added support for QTUM.

On 19 June 2018, Circle had published a blog post that explained how it planned to add new cryptoassets, and mentioned the "Circle Asset Framework", which it said was the tool it used for evaluating/prioritizing new cryptoasset listings across its various products. Now, it seems that Circle has decided that QTUM meets all of its requirements for a new listing.

Poloniex has this to say about QTUM:

"The Qtum (pronounced Quantum) blockchain is a public smart contract platform that combines aspects of both Bitcoin and Ethereum. The Qtum team chose Bitcoin (and its UTXO model of record-keeping) as the base of the protocol because of Bitcoin’s proven track record of security and stability. On top of this base, Qtum integrates the Ethereum Virtual Machine (EVM) (and potentially other VMs in the future) in order to support a diverse decentralized application ecosystem. QTUM is the native token of the Qtum blockchain, and acts as both gas for Qtum smart contracts and as a reward for securing the network through staking."

This is what Abra wrote, in its "Ultimate Guide to Altcoins" document), on 21 July 2018, about QTUM:

"Qtum features a strong team lead by Patrick Dai, who was recently acknowledged as one of China’s '30 under 30' to watch, with other team members coming from prestigious and well-known Chinese tech companies such as Alibaba, Baidu, and Tencent. Beyond their ICO capital, they are backed by more traditional capital from established angel and private investors in China."

"A rarity in the blockchain world, Qtum is also backward compatible with Ethereum contracts as well as Bitcoin gateways and will remain backward compatible even after updates. This allows for easy platform adoption and a “plug and play” methodology that leans upon what other technologies in the space have done well."

"Qtum is making a big push to create technology that is nimble and flexible enough to enable smart contracts on mobile devices and also plans to expand into IoT (internet of things) devices. Based in Singapore, Qtum is positioning itself to go address the Asian markets and even more specifically, the Chinese market."

Currently, QTUM deposits and withdrawals are live, but for trading QTUM/USDT, QTUM/BTC, and QTUM/ETH pairs , you will have to wait until 7 September 2018 (16:00 UTC).

At press time, according to CryptoCompare, QTUM is trading around $3.90, down 3.94% in the past 24-hour period (the times shown in the chart below are UTC + 01:00):

QTUM chart for Sep 6.png

As covered by CryptoGlobe, on 31 August 2018, Poloniex announced several new USDT trading pairs for 0x (ZRX), Lisk (LSK), Dogecoin (DOGE), Golem (GNT), and Siacoin (SIA).

Featured Image Credit: Interface Image Courtesy of Poloniex