Binance did not disclose how much money the thieves lost during the attempted Heist on March 7, but I have away to estimate the amount.
One of the world's biggest cryptocurrency trading platforms was targeted by thieves this week. Rumours of a Hack on Binance spread like wildfire and panic followed as Binance suspended withdrawals. After the incident, Binance said its cyber-security team had intervened in time after spotting the suspicious trading activity. Reportedly, the heist backfired causing the would-be thieves to lose money.
How the Heist should have worked:
The thieves used a Phishing domain that looked like Binance.
Notice the dots under the "i" and "a"?
This phishing website was used to fool the user to provide their API Key for Binance. This website would only work once to for the user to hide the website existence.
What are API Keys?
They are used for traders to exercise trades utilizing alternative trading software. In other words, a trader doesn't actually need to log into the exchange. All they need is the API Key to control trades. The API keys wouldn't allow the thieves to drain the account. Instead, it allowed the thieves to trade and manipulate the market using other people's money.
How the thieves intended to steal money:
The thieves used 31 accounts on Binance and preloaded them with VIA coin. The goal was to use stolen keys to buy up VIA coin using various coins in those compromised accounts. This drove up demand for VIA coin and pumped the price. Then, thieves sold their VIA coin for BTC in each of the 31 accounts to easily double their account value. Withdrawal requests were then attempted from these accounts immediately afterwards
What went wrong for the thieves?
Binance cyber-security system found irregular activity that tipped off Binance's "automatic risk management system". Binance blocked the withdrawal transactions an prevented any heisted currency from leaving the exchange which included the thieves money.
How much did the thieves loose?
Binance hasn't publically disclosed how much the thieves lost, but we can ballpark the figure.
Presumably all 31 of these accounts had the 2 BTC equivalent withdrawal limit. The only way to increase the limit is to add identity verification to the account. The thieves needed to hide their identity so they needed to open multiple accounts without verification. The assumption is that they intended to drive the price up 2X, so they need 1BTC worth of VIA coin in each account. BTC at the time of the attack was worth $10,700. Take $10,700 multiply by 31. Looks like the thieves lost somewhere in the neighborhood of:
$331,700!
Binance has reversed all irregular trades, and Binance’s CEO announced that the exchange will be donating these coins to charity.
Bravo Binance!
