This night, we could hear about some Binance hack. Just to remind: Binance is one of the major and the safest cryptocurrency exchanges.
The issue caused a major drop of Bitcoin price and pump & dump on a token called Viacoin.
So how did it happen?
As Binance SEO states, is just classical phishing. Users were logging in to some fake Binance website with very similar domain name:
As you can see in the picture, the fake domain has 2 tiny dots under 'b' letters. The difference is almost unnoticeable.
Hackers were collecting users login credentials for a while. They connected the accounts to their software using generated API keys which allow users to trade on Binance - no withdrawals. It's also possible they got the API keys from some already plugged bot. When they collected enough accounts and bought Viacoin, just sent API requests from users accounts to sell all the bitcoin they had and buy Viacoin to pump it. Once it was pumped they sold their supplies. Months of preparations and a great finish. Perfect crime.
Nevertheless, Binance stated that there's nothing to worry about and all the transactions will be reverted. They also said that hackers didn't manage to withdraw the funds as they were frozen. Their full statement: https://support.binance.com/hc/en-us/articles/360001547431
To sum up, always check the domain you log in. It's also good to check if SSL certificate matches the domain name. If you have any doubts if you ever logged in to the fake website, just change your password and be more careful in the future.
This is my very first article and English is not my mother tongue so I ask you for indulgence and understanding :)
They used an auto sell and auto buy bot
Hello, thank you for the reply :) I believe they used both methods to collect the API keys. In the article I said: "It's also possible they got the API keys from some already plugged bot."
You can also check the Binance SEO twitter for updates: https://twitter.com/cz_binance?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.coindesk.com%2Ffunds-safe-binance-denies-crypto-hack-rumors%2F
i made a similar post you upvoted thanks for the upvote