Crypto-exchange pays investigators after hackers identified
Cryptocurrency exchange Binance has awarded $200,000 to a team of unidentified investigators after the cybercriminals behind a 2018 phishing campaign were reportedly indicted in the US.
Binance was the target of an attack in March 2018, which saw cybercrooks create phishing sites mimicking the crypto-exchange to steal users’ login credentials.
They then used these credentials in an attempt to hack into users’ cryptocurrency wallets.
Identified and sanctioned
In a statement yesterday (November 11), Binance said it has awarded a team of “investigators” for identifying the perpetrators, which it says has led to the indictment of the accused.
The statement reads: “Soon after the attempt in 2018, we offered a $250,000 reward for information leading to the arrest of the attackers. That same month, a team of investigators submitted a long-form report that identified one of the attackers and provided information on the specifics of the attack.
“Our security team promptly passed off this report and other information and indicators to US law enforcement. In the months that followed, we worked closely with US law enforcement to help identify and bring to justice the attackers.”
The organization added: “As a result of this cooperation, the culprits have been identified and sanctioned, and are currently being pursued. Though the suspects remain at large, we decided to award a $200,000 bounty to the investigators for their work, with the remaining $50,000 to be given once the attackers are in custody.”
The unnamed suspects have been indicted by the US Department of Justice, Binance claims.
The US Department of the Treasury’s Office of Foreign Assets Control simultaneously announced sanctions targeting the individuals, the company added.
Binance was the target of a large-scale phishing campaign in March 2018
One year after the phishing attack, Binance famously suffered a $40 million loss in 2019, when hackers infiltrated the company’s networks in a “well-orchestrated” attack.
It isn’t clear whether this attack was linked to the earlier campaign, although Binance did reveal that those behind the “large-scale security breach” were in possession of user API keys, 2FA tokens, and other personal information belonging to customers.
As a prime target for economic cybercriminals, Binance has long demonstrated its commitment to security, with the exchange paying out nearly $250,000 in bug bounty rewards for its program in conjunction with Bugcrowd.
“We have a strong team and community that collaborate to remove bugs, take down fraudsters, and improve our exchange’s security,” the company said. “This has resulted in a total of 247,787 USD in bounty rewards distributed to these valued members of the community.”