Monday, March 19th
Spil previously announced, on March 7th, there wasgoed a large-scale attempt to manipulate and steal funds on Binance, which wasgoed ultimately unsuccessful. Wij would like to remind the community that our system wasgoed not compromised during this event and no unauthorized gegevens wasgoed accessed. The attack wasgoed the result of an extended phishing operation, targeting users by creating fraudulent reproductions of our webstek ter order to gather users’ login credentials.
Since launching the Binance Hacker Bounty, we’ve gathered a lotsbestemming of information regarding this event. Among the information that wij have collected, there are some details that wij believe will be beneficial to provide publicly. Wij hope that, with the extra information, our community will be able to assist even further te our search for the perpetrator(s).
Given the scale of the operation, wij believe this may be the work of a group rather than an individual, but wij certainly aren’t ruling out the possibility.
Wij will commence with a list of known fraudulent web domains involved ter the phishing schemes that led up to the attack. It seems that thesis domains are promoted by utilizing numerous search engine advertising campaigns to draw unsuspicious users.
Spil you will notice, this attacker is not only targeting Binance, but other exchanges, both centralized and decentralized.
Related video: NEO TO $1000? ONTOLOGY ONT TO $100? CRYPTOCURRENCY COIN PRICE PREDICTION 2018 (NEWS + REVIEW)
(Note: This list is not exhaustive and there are more to identify.)
It emerges that most thesis domains utilize a bullet-proof European webhost, resolving to IP addresses of 184.108.40.206 and (primarily) 220.127.116.11.
Domain Registrant Information
There have bot two common names amongst the registrants of thesis types of domains. Running a switch sides lookup on the names te question comes back a multiplicity of other domains that show up to have malicious intent:
Ter fact, there wasgoed an article published te August, , regarding one of the domains from our list known domains above (also tied to one of thesis registrants): https://www.hackread.com/fake-bittrex-cryptocurrency-exchange-site-stealing-user-funds/
Related video: MyEtherWallet Tutorial – Clearly Explained
Ter addition, a victim of the attack provided us with their signed consent to release the IP address associated with the API key creation on their account. The IP address (18.104.22.168) resolves to Lipetsk, Russia.
It is safe to assume that this is not an accurate location or IP address of the attacker and they may be utilizing a VPN or another service to obfuscate their identity. However, after cross-referencing this information against the registrants of the domains above, it is safe to assume that the attacker(s) may reside ter Eastern Europe.
Related video: Binance Hacked ?!!?
VIA Blockchain Transactions
Wij were able to identify several suspicious VIA transactions on the blockchain, taking place approximately one-to-two hours prior to the incident. After further investigation, a total of 31 transactions were found, all made within 200 blocks, containing a total of 4000 VIA each.
Below wij have documented the block height and the transaction ID for each: