On March 7th, between 6:58am-6:59am PST, the VIA/BTC market in the Binance exchange experienced abnormally high trading activity.
Posts flooded the BinanceExchange subreddit with users grieving that their coins were being sold off en masse to market buy another coin, $VIA. In one of the posts, a user stated that all of his alt-coins were sold at market price:
“Wtf??? All my coins got sold and i brought via coin? Did i just get hacked?”
Other users echoed the experience, and while all this was happening, Viacoin’s price increased by almost 100x. Users of the popular exchange began to see a large amount of Viacoin being bought up immediately after all their other coins were sold.
An official statement was released by the Binance team onto Reddit stating that the team is “investigating reports of some users having issues with their funds” and that they are “aware and investigating the issue as we speak.”
“As of this moment, the only confirmed victims have registered API keys (to use with trading bots or otherwise). There is no evidence of the Binance platform being compromised.”
It’s what happened right after the “hack” that make Zhao and his exchange a force to be reckoned with. In the statement he declares:
“Our automatic risk management system was triggered, and all withdrawals were halted immediately. Withdrawal requests were attempted from these accounts immediately afterwards. However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out.”
According to Binance, this incident occurred due to a large-scale phishing attempt on their exchange. The hackers used a practically identical domain name to retrieve the information of user accounts – one such example was Binance.com with an accent mark underneath two characters.
The hackers move came two days ago, happening within a two minute period, involving a massive pump in Viacoin, according to the post:
“Yesterday, within the aforementioned 2 minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.”
The team handled the entire incident with few losses as the security measures they had in place were resilient enough to trap the hackers inside before it got out of hand, and Zhao with his Binance team navigated the situation with incredible efficiency and transparency. This debacle and how Binance handled it, will most likely serve as a model for risk management for other exchanges and will surely make hackers think twice before trying to mess with a powerhouse exchange like Binance.