Cryptocurrency exchange announces bounty on hackers

One of the world’s largest digital currency exchanges is offering the equivalent of $250,000 in virtual money to anyone who helps track down the perpetrators of an attempted cryptocurrency heist last week.

“Binance is offering a $250,000 USD equivalent bounty to anyone who supplies information that leads to the legal arrest of the hackers involved in the attempted hacking incident on Binance on March 7^th, 2018,” reads the exchange’s ‘wanted poster’.

The bounty would be paid out in BNB, which is Binance’s own digital coin. In addition, the China-based exchange announced that it has set aside $10 million worth in digital currency reserves for rewards vis-à-vis future hacking attempts.

The company’s twist on bug bounty programs – which many organizations use to incentivize legitimate individuals to report security vulnerabilities rather than attackers – has generated a great deal of media buzz. Binance has justified its move by the need for counteroffensive.

“To ensure a safe crypto community, we can’t simply play defense. We need to actively prevent any instances of hacking before they occur, as well as follow through after-the-fact. Even though the hacking attempt against Binance on March 7^th was not successful, it was clear it was a large-scale, organized effort. This needs to be addressed,” reads the company’s announcement.

The foiled attack

The incursion took place after a long-term phishing campaign against Binance customers, according to an announcement by Binance last week. The campaign relied on a well-known technique called ‘homograph attack’, which involves the deceptive use of a character or characters, in the website address that is designed to look identical to the real one.

In this case, the phishing messages tricked the customers into entering their login credentials into a phony Unicode domain that looked “very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters” (see image above).

The attack itself unfolded within the span of two minutes on March 7. Hackers made a flurry of automated transactions that involved the digital currencies Viacoin (VIA) and Bitcoin (BTC). Their ultimate aim was to empty a number of customer accounts that they had compromised via a phishing campaign in anticipation of the attempted heist.

Using custom-created API keys for the compromised accounts, the attackers instructed the accounts to sell BTC and buy VIA, thus driving the price of the latter high. Another 31 accounts, which the hackers had set up and loaded up with VIA in preparation for the heist, then sold the VIA in what effectively amounts to “an attempt to move the BTC from the phished accounts to the 31 accounts”, according to Binance.

Their efforts were ultimately thwarted after the suspicious trading activity triggered the exchange’s automatic risk management system, whereupon withdrawals were blocked and phony trades were reversed. As a result, the attackers were unable to cash out and, even worse for them, the exchange has frozen coins that they had deposited into the accounts created with an eye towards the scheme.

The attack is a continuation of the past trend, as various services in the cryptocurrency arena have been on the receiving end of all manner of cyber-incidents for several years now. We have also previously provided a snapshot of the calamities to befall this space in 2017. Earlier this year, Japanese cryptocurrency exchange Coincheck was stung by the theft of $530 million of virtual money, but it promised to reimburse the investors.