Security Researcher Uncovers Witty Phishing Attack On Binance Exchange Users
Security Researcher Uncovers Clever Phishing Attack On Binance Users
One of the major issues affecting the cryptocurrency industry and a major hindrance to its popularity is lack of security. Cryptocurrency exchanges have been targeted in hacks that have led to the loss of billions of dollars worth of cryptocurrency. However, it seems the attackers are changing tactics now.
Binance, the number one cryptocurrency exchange has reportedly suffered a phishing attack targeted at its users. According to a security researcher Harry Denley who uncovered the attack, a website ‘logins-binance.com12754825.ml’ was set up to collect user login information and 2-Factor Authentication details to ‘eventually use in social engineering methods ”
Although the server does not communicate with the Binance domain, it bore a striking resemblance to the login page on the Binance website. Unsuspecting users are asked to provide login information similar to a normal login process and then the 2FA details. A false login process then returns them to the 2FA page, by which time their information has been stolen.
A successful attack reveals a user’s information including name, surname, phone number and email address as well as 2FA information and IP address of the user. They will then contact Binance pretending to be the user and ask to remove the account’s 2FA either because of a broken phone or a lost device. Of course Binance will request the user’s details and they will confidently provide the stolen information and gain access to the account, and the rest is history.
Although the researcher did not mention how many users have fallen victim to this phishing attack, he did reveal that the same attacker has phishing kits for several other websites apart from Binance, including Gmail.
As a precaution to avoid such incidents, he suggests a double check of website domains before providing login information every time. He also recommends the use of EtherAddressLookup or MetaMask browser extensions which alert users of known phishing domains to ensure they don’t fall victim of established phishing schemes.