Summary of the Phishing and Attempted Stealing Incident on Binance


On Mar 7, UTC 14:58–14:59, within this 2 minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system was triggered, and all withdrawals were halted immediately.

This was part of a large scale phishing and stealing attempt.

So far: All funds are safe and no funds have been stolen.

The phishers accumulated user account credentials over a long period of time. The earliest phishing attack seems to date back to early Jan. However, it was around Feb 22 that a heavy concentration of phishing attacks was seen using Unicode domains, looking very much like, with the only difference being 2 dots at the bottom of 2 characters. Many users fell for these traps and phishing attempts. After acquiring these user accounts, the phishers simply created a trading API key for each account but took no further action until yesterday.

Yesterday, within the aforementioned 2 minute period, the phishers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This was an attempt to move the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from these accounts immediately afterwards.

However, as withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the phishers were also frozen. Not only did the phishers fail to steal any coins, their own coins have also been withheld.

The phishers were well organized. They were patient enough to not take any immediate action, and waited for the most opportune moment to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.

After a thorough security check by Binance, we resumed withdrawals. Trading functionality was never affected. There are still some users whose accounts were phished by these phishers and whose BTC was used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the phishers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.

Protecting our traders is and has always been our highest priority.

Thanks for your support!

Binance Team
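
The Unicode lookalike domains described in the post can be flagged mechanically by stripping diacritics from a hostname and comparing the result with the genuine one. The following is an added example, not code from Binance; the `PROTECTED` set and the sample hostnames are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the genuine hostnames being protected.
PROTECTED = {"binance.com", "www.binance.com"}

def display_form(url_or_host):
    """Return the lowercase host with punycode (xn--) labels decoded."""
    host = url_or_host
    if "://" in host:
        host = urlsplit(host).hostname or ""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Strip combining marks (dots, accents) so a dotted 'i' equals 'i'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def suspicious_chars(url_or_host):
    """Name every non-ASCII character in the host, for the analyst."""
    return [(c, unicodedata.name(c, "UNKNOWN"))
            for c in display_form(url_or_host) if not c.isascii()]

def classify(url_or_host):
    shown = display_form(url_or_host)
    if shown in PROTECTED:
        return "genuine"
    if skeleton(shown) in PROTECTED:
        return "lookalike"      # differs from a protected host only by diacritics
    if not shown.isascii():
        return "idn-review"     # other scripts need a confusables table (UTS #39)
    return "other"

# Constructed samples; the dotted letters are chosen for illustration only.
SAMPLES = [
    "https://www.binance.com/login",
    "https://b\u1ecbn\u1ea1nce.com/login",   # dot below 'i' and 'a'
    "b\u0456nance.com",                      # Cyrillic letter, not a diacritic
    "example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):11} {display_form(s)!r} {suspicious_chars(s)}")
```

The same check can be run over browser history, mail gateway logs or proxy logs; hosts classified `idn-review` are not necessarily malicious and need a cross-script comparison that this sketch does not implement.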



Good old rule confirmed again:
Your keys (private)- your money, no keys - not your money.


As a newb to crypto, the options for exchanges are limited due to new sign-up freezes.

Open Ledger doesn't have many assets to choose from; but, one good thing is each user has private keys, even though a simple user name is equivalent to the private key. I know all exchanges are subject to phishing risks; but, it's a bit reassuring to know the funds are a bit more secure than just sitting on a public exchange.

It shall be interesting to see how the OL platform grows over time. They certainly seem to be putting a lot of work into getting it up and running competitively with the likes of Bittrex, etc.

Btw, that was a good catch by Binance.

Best regards!


Is this official steem account of Binance? I am curious.


Yes it is and you are wise to be cautious about impersonation.

If you go to the site and look carefully at the very bottom you will see a steemit logo along with the other social logos (twitter, etc.). Click on that steemit logo and it takes you to this account.


Thanks @smooth , I just confirmed it.

This is very well handled by binance, kudos to the professionalism.


@acidyo.. Thanks a lot for resteeming! Exactly the kind of info to be passed on! Unfortunately FUD always travels faster 😑 kudos to binance for the great work!


They can set an example of professionalism to that other place.


Binance being on Steem and having Steem on their exchange is also another thing they are an example for.

You folks have to be one of the best exchanges as far as communication is concerned. So many exchanges keep their customers in the dark when there are issues. Binance is always quick with informing their customers of any issues they're having.

A friend of mine is having anxiety laughter because he doesn’t know if his 10k in bitcoin will be recovered. Mine is fine probably due to very small holdings. He’s done w/ Binance

Thanks @binanceexchange for taking timely action and rectifying the issues....Hope to see everything working normal soon!

It’s not difficult. Don’t leave coins on exchanges. Leave them in hardware wallets. Transfer to exchanges when you want to ‘exchange’ them. If you don’t control your private keys you don’t really control your coins!

Hey I just thought of something;

Have you verified this account? How do we know you're the real Binance; did you do a Twitter verification?

I know I'm paranoid, but am I paranoid enough?




You can find this account linked directly from the Binance homepage.


Thank you for handling the whole situation so professionally.

You guys are awesome!

thanks for updating us

Wow, I wish other companies like Coinbase or Bittrex could be half as good as communicating with their customer base. Thumbs up to you guys for being so upfront and handling the whole ordeal in a professional way!

Woah! Holding my breath before I log in. Great to see you're on Steemit guys :-)


If you haven't lost the money, you're doing better than the majority of historical crypto-exchanges. Keep on trucking, Binance, but we think your bigger problem at the moment is probably the SEC. Are you going to go "white shoe" or join the de-centralized fully-private "dark side" of the force?

So, I assume one way to know whether or not we were affected is to check for any suspicious API keys, right?


Binance just seems to handle every situation in the most professional way. Good job.

Binance is one of my favorite crypto exchanges.

nice to see that such actions are in place to prevent such attacks, kudos to your team and thanks for the update

Well done, a fast analysis and response earns trust. Great that they didn't make off with anything, and funny that they lost their VIA.

21st century bank robbery.

Wow, really nice post my dear. I really like your post.

thanks for sharing!


Thanks for the news.

My blood pressure raised yesterday when I saw the first news, but you guys did a good job communicating the up to date status very quickly. Binance is my favorite exchange. Stuff like this happens and well handled incident like this one can only add to your reputation. Thanks for keeping us updated.

I love the way you guys ain't keeping us in the dark. This is truly lovely. Wish other exchanges would take notice of this. There should be efficient communication between a man and who holds his funds. Kudos, Binance team.

Every time this happens I have more confidence in Binance, their communication and transparency is outstanding.

Just checked. Had to relogin. Everything looks good. Yay.

I am impressed by your professionalism. Binance is currently the best exchange. Soft, support - outstanding. Keep it up!

Thank you for the open and prompt communication.

This is very well handled by Binance, kudos to the professionalism.

If it's on an exchange it's not in your wallet. When will people learn not to store their coins on exchanges?

Thanks for telling us about this and as like katteasis asked, I didn't know you had an official presence here.

My first time knowing about binance. Gotta try it

Wow, it is by far the fastest response I have seen, good job Binance.

Thanks for hiring a dazzler team of crack experts to preemptively keep our wallets and coins safe from thieves and attacks.

#Binance is great for using Steemit as a social media.

Once again Binance does not fail to delight me, as the attack was very sneaky and affected many users. As you can see by the below tweet, it is almost impossible to spot the difference in URLs, which is why you should always manually type it or use a bookmark.

A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real website after login. Additionally, after you log in once, it doesn't let you access the phishing site again - will auto-redirect you to Binance (even after logging out)


cz_binance CZ (not giving crypto away) tweeted @ 07 Mar 2018 - 20:03 UTC

We have localized the irregular trades, they will be reversed. All funds are safe, thanks to the fast alarm. Plea……

Disclaimer: I am just a bot trying to be helpful.

cz_binance CZ (not giving crypto away) tweeted @ 07 Mar 2018 - 20:31 UTC

A user’s history. Can you see the two dots under the domain name? Phishing website that redirects to the real websi……

Disclaimer: I am just a bot trying to be helpful.