Binance is the largest crypto-exchange by trading volume, however, on 7th March, its users got affected by a hack of third-party software, and as a result, unauthorized transactions were made from their user’s accounts.
Since then, Binance’s CEO, Changpeng Zhao has claimed that the exchange is working normally and the funds of users are safe as well. Many users have shown their concern and complained by using social media platforms; Twitter and Reddit, that without their permission, their altcoins had been converted into Bitcoin and most of them didn’t even logged into their accounts.
There were many posts on Reddit, claiming that hackers have used their bitcoins for buying VIA coins for 0.025 BTC each. Without attracting any attention, hackers managed to withdrew the bitcoins in small amounts. It’s claimed by a Reddit user, Profetu, that Binance’s administration took actions to the complaints of their users by freezing their accounts in one hour. Furthermore, the user suggested;
“The hacker accumulated VIA in advance (from Binance or other exchange and sent to Binance) then he set a huge sell order at 0.025BTC. Then using API made some account sell alts and buy VIA with that BTC, [and then withdrew] BTC.”
Another user wrote;
“Same happened to me. I had 100% USDT worth $1548. Today I logged in so I can buy some xrp, but my account balance is $200 out of $1548, and apparently I bought 5 VIA coins and exchanged my USDT to BTC while I was in the gym?”
Few traders have presented a theory that the attack was linked with compromised API keys which had been requested by Binance’s users to further use inside the range of other applications such as; chart in monitoring services and trading bots. This theory also explains how the attackers have managed to pass over the two-factor authentication. But at the same time, it fails to explain why this attack affected the users who never requested API keys.
A user asked;
“Do you use any trading bots like profittrailer or gunbot? Do you have any API opened for any kind of services?” – Bonnie_channel
Another Reddit user wrote;
“That is what I am wondering! I never gave permission for this API key to be created. That is why I think it’s an issue on [Binance’s] end”.
Later, a tweet was posted by Binance, saying that deposits and withdrawals are now in a working condition and all illegitimate trades have been rebounded. Changpeng Zhao also said that a phishing website has been used by hackers to get the login information and to divert users from the authentic Binance website.