Binance users accounts controlled - My thoughts on the potential attack used.
Latest news from Binance is all account funds are safe. Here is an initial thought of what happened and how they were able to control so many accounts. This is all speculative but have thought of situations like this for exchange sites and potentially how it was used here with the different user reports of what they had enabled. This is all speculative but this attack is entirely possible and can be done.
1) Surge of Binance phishing sites popped up with live data asking users to log in.
2) User prompted for 2FA credentials which passed through from the real site.
3) User entered this and was logged into to the fake site with the data from the real ones leading user to think the site was legit.
4) Data collected from phishing site indicated accounts with funds and kept track of credentials.
5) Fake site initiated a API key creation on users Binance account which requires a 2FA code.
6) Fake Binance site logs off user (while staying logged in on backend) and requests username/password/2FA and passes 2FA into Binance to create new API key. No email is sent to users for this action.
7) Bad actor now has API key to control accounts and trades.
Binance will knowingly shut down wallets on issues so all bad actor needs to do now is place their sell of VIA on other exchanges since they know how much BTC they control with their botnet of API keys. When they initiate the buying up of VIA, price drives up on other sites hitting their orders and allowing them to move their BTC off them without any issues about locked accounts.
Helpful Info From Affected Users:
- Login history to account from any new IPs
- When was the last time your API keys were looked at
- Do you have API keys in your account now
Congratulations @boxxa! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!