On Mar 7, UTC 14:58-14:59, within this Two minute period, the VIA/BTC market experienced abnormal trading activity. Our automatic risk management system wasgoed triggered, and all withdrawals were halted instantly.
This wasgoed part of a large scale phishing and stealing attempt.
So far: All funds are safe and no funds have bot stolen.
The hackers accumulated user account credentials overheen a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it wasgoed around Feb 22, where a strenuous concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being Two dots at the bottom of Two characters. Many users fell for thesis traps and phishing attempts. After acquiring thesis user accounts, the hacker then simply created a trading API key for each account but took no further deeds, until yesterday.
Yesterday, within the aforementioned Two minute period, the hackers used the API keys, placed a large number of market buys on the VIA/BTC market, pushing the price high, while 31 pre-deposited accounts were there selling VIA at the top. This wasgoed an attempt to stir the BTC from the phished accounts to the 31 accounts. Withdrawal requests were then attempted from thesis accounts instantly afterwards.
However, spil withdrawals were already automatically disabled by our risk management system, none of the withdrawals successfully went out. Additionally, the VIA coins deposited by the hackers were also frozen. Not only did the hacker not steal any coins out, their own coins have also bot withheld.
The hackers were well organized. They were patient enough to not take any instant act, and waited for the most opportune uur to act. They also selected VIA, a coin with smaller liquidity, to maximize their own gains.
After a thorough security check by Binance, wij resumed withdrawals. Trading functionality wasgoed never affected. There are still some users whose accounts where phished by thesis hackers and their BTC were used to buy VIA or other coins. Unluckily, those trades did not execute against any of the hackers’ accounts spil counterpart. Spil such, wij are not ter a position to switch sides those trades. Wij again advise all traders to take special precaution to secure their account credentials.
Protecting our traders is and has always bot our highest priority.