Security Researcher Uncovers Witty Phishing Attack On Binance Exchange Users


Security Researcher Uncovers Clever Phishing Attack On Binance Users

One of the major issues affecting the cryptocurrency industry and a major hindrance to its popularity is lack of security. Cryptocurrency exchanges have been targeted in hacks that have led to the loss of billions of dollars worth of cryptocurrency. However, it seems the attackers are changing tactics now.

Binance, the number one cryptocurrency exchange has reportedly suffered a phishing attack targeted at its users. According to a security researcher Harry Denley who uncovered the attack, a website ‘logins-binance.com12754825.ml’ was set up to collect user login information and 2-Factor Authentication details to ‘eventually use in social engineering methods ”

Although the server does not communicate with the Binance domain, it bore a striking resemblance to the login page on the Binance website. Unsuspecting users are asked to provide login information similar to a normal login process and then the 2FA details. A false login process then returns them to the 2FA page, by which time their information has been stolen.

A successful attack reveals a user’s information including name, surname, phone number and email address as well as 2FA information and IP address of the user. They will then contact Binance pretending to be the user and ask to remove the account’s 2FA either because of a broken phone or a lost device. Of course Binance will request the user’s details and they will confidently provide the stolen information and gain access to the account, and the rest is history.

Although the researcher did not mention how many users have fallen victim to this phishing attack, he did reveal that the same attacker has phishing kits for several other websites apart from Binance, including Gmail.

As a precaution to avoid such incidents, he suggests a double check of website domains before providing login information every time. He also recommends the use of  EtherAddressLookup or MetaMask browser extensions which alert users of known phishing domains to ensure they don’t fall victim of established phishing schemes.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide