The prices of Bitcoin and many other cryptocurrencies began tumbling yesterday after rumors that the Binance cryptocurrency exchange had been hacked. Many users saw their altcoins (Litecoin, Ethereum, Bitcoin Cash, etc.) being sold at market prices and being converted into Bitcoin. Those bitcoins were then used to purchase an altcoin known as Viacoin, driving Viacoin’s price up almost 100-fold. The speculation was that hackers had compromised user accounts to drive up the price of Viacoin so that they could cash out their own Viacoin holdings at high prices.
What exactly happened on Binance’s platform is not 100% clear. Initially it was believed that hackers had compromised API keys that some users used with trading bots to place automated cryptocurrency trades. But some API users noted that their holdings were untouched, while other users who had never used APIs noticed their holdings being sold too.
It appears that the affected users may have been the victims of a devious phishing attack, having been directed to a fake version of the Binance website created to try to steal users’ login credentials. Some of the users even had two-factor authentication set up and still had their accounts compromised. Once the hackers had those login credentials they were able to access users’ accounts and undertake trades without the users’ permission, enabling their scheme to drive up Viacoin’s price to be successful.
Binance claimed that its automatic alarms were triggered, that it was able to stop unauthorized trades, and that all funds were safe. But that’s little consolation to the users who were affected and lost thousands of dollars of their cryptocurrency holdings. If that can happen to the world’s third-largest Bitcoin exchange then it can happen to any exchange.
This incident highlights the continuing importance of security for Bitcoin IRA investors and other cryptocurrency investors. Hot wallets just do not have the level of security that is needed to remain safe against hacking and phishing attempts. Not even two-factor authentication can keep the bad guys from gaining access to funds stored in a hot wallet.
Cold storage is the only way to minimize these types of attacks. And any time you are asked to log in to a website, make sure that it is the website you’re intending to log in to. To remain the most secure, be skeptical of links you receive in emails and enter in the website’s address manually. Not doing that is what likely enabled these hackers to do what they did.