A Binance Hack Rumor Caused Chaos in the Crypto Market, but Nothing Has Fundamentally Changed
Here is what happened with the “hack” of Binance (a major cryptocurrency exchange):
UPDATE ON WHAT OCCURRED WITH BINANCE: It was a not a hack of Binance or a platform that stored APIs, it was a phishing incident that some Binance users feel victim to. This story is explained below. See the official statements.
NOTE: First, please see also the official statement by Binance on Reddit. Also note that rumors of MtGox selling leftover crypto and an announcement by the SEC added to the panic occurred right around the same time the Binance thing did (and helped fuel the panic selling; so it wasn’t “just Binance FUD,” it was that, plus Binance FUD, plus normal market factors that led to he pullback in BTC price). Now with that in mind here is the story.
SEE ALSO: The official Binance Twitter for updates.
Summary of the Phishing and Attempted Stealing Incident on Binance//t.co/qC9gCgonng
— binance (@binance_2017) March 8, 2018
- Some Binance users who use trading bots seem to have had their API access compromised by hackers.
- It is unclear if APIs were accessed via Binance or a third party app, but logically it seems unlikely that Binance was hacked directly (given the selection of people compromised and the way API access works). Given this, it isn’t fair to call this a Binance “hack” just yet (as it could have just as easily been, and likely was, a hack of third-party software improperly storing API keys; Meanwhile, the info could have also been gleaned from a phishing attempt, such as through a site that looked like Binance but wasn’t). UPDATE: Binance has stated that it was a phishing attempt, be very careful with those sites that look like Binance, Coinbase, etc but are one letter off (and be careful with installing extensions). It is smart to use a web browser that you use for only crypto related things, then bookmark the real sites and double check you are on the real site each time before you input any info.
- The hack was not the worst case, users simply had their alts sold of for BTC, and in some cases, it looks like that BTC was used to buy a coin called Viacoin (VIA). In other words, the goal of the hack seems to have been a VIA pump and dump (not a theft of crypto or an attempt to crash BTC). UPDATE: Binance rolled back BTC and VIA transfers (see official Tweet).
- It doesn’t look like anyone had their crypto moved off the exchange, this was potentially not the goal of the hack. Further, Binance quickly halted withdrawals to prevent this from happening. This, through a positive lens, actually says good things about Binance.
- Despite the facts, people were quick to panic and Bitcoin’s price quickly dropped from the mid $10ks to the mid $9ks (the “flash crash”).
- The timing of this was unfortunate, as Bitcoin had just failed a breakout and had already put a little downward pressure on the market. Thus the panic set of a chain reaction of selling based on technical indicators like moving averages (so the selling snowballed based purely on the state crypto was in prior to the event).
- The bottom line here is that altcoins followed Bitcoin’s panic selling and the result was the market was pretty much universally in the red for a few hours.
- Meanwhile, as of writing, these prices are recovering.
- In cases where a single event like this spreads panic, prices tend to recover quickly (since nothing fundamentally changed).
THE BOTTOM LINE: This isn’t a story about the dangers of using exchanges, this wasn’t an MtGox, to say the least, this was a story of a vanilla-as-hacks-go unfortunate hijacking of API access. It is hardly fun, but an event like this is more of a “buy the dip” and “shrug it off” sort of event (assuming bears don’t use this as an excuse to drive prices down). Nothing has substantially or fundamentally changed, and that sort of thing results in prices settling back into where they were at before the panic in general… however, no one has a crystal ball and there is precedent for FUD like this being the straw the breaks the camels back (thus, one must always keep both the worst and best possible worlds in mind when trading / investing).
THE MORAL OF THE STORY: On one hand the moral here is to some degree same old, “be careful about keeping all your funds on an exchange” story. More so, however, the morals are these. 1. “One must take care to vet third-party trading bots” (or more generally, any third party platform you would access an exchange API through). Third party platforms may in cases need to store API keys. If these keys are not encrypted properly (that is, if they are in a database that isn’t encrypted properly or more generally can be hacked) then users are at risk of this sort of thing happening. And 2. “One must be very careful about inputting their private information online” (as phishing sites can look almost exactly like the real ones but be, for example, one letter off in a name).
NOTE: We will keep you updated as we learn more. What we presented above is simply our best interpretation of the story based on sources like the official Binance Reddit post and from what can be gleaned from the price charts and order books. Make sure to check Binance’s official Twitter for official statements and watch out for inaccurate reporting.
- *PLEASE READ* Regarding Unauthorized Market Sells. Binance on Reddit.com. <— Official statement