On March 7, a large-scale attempt was made to manipulate and steal funds from Binance, which ultimately did not succeed. The attack was the result of an extended phishing operation that targeted users by creating fraudulent copies of the exchange's website in order to obtain investors' credentials.
Since the launch of the Binance Hacker Bounty, exchange representatives have gathered enough information about the incident, part of which they are disclosing publicly.
Given the scale of the operation, it appears to have been the work of a group of hackers rather than one person, although the latter is not ruled out.
In its report dated March 19, the exchange lists known fraudulent web domains involved in the phishing schemes that led to the attack. It seems that these domains were used in numerous advertising campaigns on search engines, which attracted unsuspecting users.
As can be seen from the report, the attacker targeted not only Binance but also other exchanges, both centralized and decentralized.
(Note: this list is not exhaustive; there are many more.)
The domains were registered under two names:
- Domainbigdata.com – Kireev, Sergey V.
- Domainbigdata.com – Victoria Belinskaya
And the IP address used to create the API keys, according to information from the exchange, points to Lipetsk.
It is possible that this is not the attacker's exact location or IP address, since a VPN or similar service helps conceal a location. But the fact that the attack was carried out from Eastern Europe is undeniable.
Because the hackers have still not been identified, the Binance Hacker Bounty campaign continues. According to exchange officials:
As always, the safety of our users and their funds is and has always been our highest priority. We look forward to continuing to work with our community to bring the perpetrators to justice.