The crypto trader community panicked yesterday as several users started reporting suspicious activity on their Binance accounts. Twitter and Reddit exploded as more and more people claimed that their accounts had been hacked, that all of their altcoins had been sold at market price, and that the resulting BTC had been used to buy VIA coin at an unreasonably high price. According to Forbes, one of the first to report it was Reddit user “shashankkgg”, who claimed that Binance sold all his alts at market rate.

Luckily, Binance was really fast in following up on the drama and addressed the issue, explaining that the hack wasn’t the result of a weakness on their side, but rather a problem with third-party access on some users’ accounts:

“We are investigating reports of some users having issues with their funds. Our team is aware and investigating the issue as we speak.

As of this moment, the only confirmed victims have registered API keys (to use with trading bots or otherwise). There is no evidence of the Binance platform being compromised. Please remain patient and we will provide an update as quickly as possible.”

By the time of the announcement they had already disabled withdrawals on the exchange. Meanwhile, several wild theories were going around. Some even accused the VIA coin developer of the malicious moves, but the VIA team was prompt to deny any participation in the issue and announced that they had offered to help Binance resolve the situation. It was unclear why VIA was chosen as the coin to be purchased with the stolen funds, but one could guess that the hackers were probably unable to gain 2FA (and thus complete) access to the stolen accounts.

As the investigation progressed, Binance started giving out further information about how customers were potentially affected in the hack. They posted a screenshot of one hacked user’s browsing history, and it could clearly be seen that he/she had had login details compromised through phishing sites.

A few hours later we got a new status update in which the CEO of Binance assured everyone that no funds were stolen and that the malicious trades were reversed. He even stated that the hackers lost funds, but it was not yet clear how that happened.

The last piece of the puzzle arrived when the exchange posted a detailed summary of the issue. It turned out to be a large-scale phishing attempt, in which accounts were first compromised as early as January. The hackers used Unicode domain addresses that were almost identical to the original ones to gather login information. They pre-bought VIA before the incident, because it was the least liquid coin on Binance and thus could be easily pumped into their sell orders before attempting to withdraw the funds from Binance. As the exchange had a well-working alarm system, the malicious accounts couldn’t withdraw funds from the exchange and lost everything.
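To make the lookalike-domain trick concrete from the defending side, here is an added example (not code from Binance or from the original article) that flags hostnames which are not the real domain but collapse onto it once punycode is decoded and accents are stripped. The allow-list, the function names and the sample hostnames are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: the domains a wallet, bot or mail filter is meant to trust.
TRUSTED = {"binance.com"}

# Constructed sample: "n" replaced by U+1E47 (n with dot below), in both forms.
SAMPLE_UNICODE = "www.bi\u1e47a\u1e47ce.com"
SAMPLE_PUNY = "www.xn--" + "bi\u1e47a\u1e47ce".encode("punycode").decode("ascii") + ".com"


def to_unicode(host):
    """Decode xn-- (punycode) labels so the check sees the real characters."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it as written
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Fold accented letters to base letters (NFKD, then drop combining marks)."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def classify(host):
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname."""
    domain = registrable(to_unicode(host))
    if domain in TRUSTED:
        return "trusted"
    # Non-ASCII name that collapses onto a trusted one: treat as phishing.
    # Cross-script homoglyphs (e.g. Cyrillic) need the UTS #39 confusables table.
    if skeleton(domain) in TRUSTED:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for h in ("www.binance.com", SAMPLE_UNICODE, SAMPLE_PUNY, "example.org"):
        print(f"{h!r:40} {classify(h)}")
```

A check like this belongs wherever a link is about to be followed or a login page is about to receive credentials, since the two names are hard to tell apart by eye.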

This incident shows that even though there is a need for decentralized exchanges, a centralized service can be well managed and can thereby offer higher safety for users. Those customers who were affected by the phishing attack could now have their trades reversed and keep their funds. Binance handled the issue quite professionally and showed why they are currently a top-tier exchange.