Several traders at popular cryptocurrency exchange Binance are reporting that the platform executed unauthorized orders through their accounts, triggering a 400 percent pump for lesser-known altcoin Viacoin.
On Wednesday, Binance users began flooding the exchange’s Reddit page with reports that their accounts had executed unauthorized buy and sell orders.
“WTF is happening!,” one exasperated user wrote. “ Binance just sold all my alts at market rate and I have got just the Bitcoin now. Is it because of account getting hacked or binance bot issue?”
“Everything was cleaned out from my account. Now even Bitcoin is gone. It was used to buy some random Via coin. All value gone,” the user added soon after.
“Same Here! Buy Order executed VIAcoin at horrendous prices,” another user replied.
Indeed, Binance exchange data indicates that a ~325,000 VIA buy order placed shortly before 3 pm UTC increased the price of VIA/BTC by several hundred percent.
A Binance representative quickly responded that the exchange is aware of the issue and is currently investigating it.
“We are investigating reports of some users having issues with their funds. Our team is aware and investigating the issue as we speak. Please remain patient and we will provide an update as quickly as possible,” the employee said.
Most of the affected users said that they had checked their login history for evidence of unauthorized access but said there was no suspicious activity, and several added that they have two-factor authentication (2FA) activated as an extra security measure.
Even so, the incident appeared to affect a limited number of users, and Binance later announced a temporary freeze on withdrawals, claiming that all of the victims it has identified had registered API keys — which are commonly used in trading bots.
The company said that there is “no evidence” that Binance itself had been compromised, and CEO Changpeng Zhoa stated on Twitter that “all funds are safe.”
All funds are safe. There were irregularities in trading activity, automatic alarms triggered. Some accounts may have been compromised by phishing from before. We are still investigating. All funds are safe.
— CZ (not giving crypto away) (@cz_binance) March 7, 2018
If the traders’ accounts were compromised through their API keys — which could have been accomplished through a phishing scheme — the hacker would likely have been able to trade on the accounts but not make withdrawals. Consequently, as one trader explained, the hacker likely used Viacoin buy and sell orders to launder the funds to his or her personal account.
However, several affected users protest that they did not use trading bots, and rumors that Binance was hacked continue to circulate through social media channels. These rumors, as CCN reported, have correlated with a significant Bitcoin price downturn.
Featured image from Shutterstock.Follow us on Telegram.