Security Researcher Tears Up a Binance Scam Site to Find the Hackers

Harry Denley, researcher for MyCrypto, found and dismantled a clever phishing site that targeted Binance users.

Jun 3, 2019 at 2:00 p.m. UTC
Updated Sep 13, 2021 at 9:16 a.m. UTC

In a six hour trek through an insecure server, security researcher Harry Denley was able to reconstruct - and apparently shut down - a clever phishing attack that is targeting users of the Binance crypto exchange.

His Medium post details the activity on a phishing site - logins-binance.com12754825.ml - that collected logins and two-factor codes from confused users. The server presented what looked like a standard Binance login and the user would type in their credentials and then be forced to wait, presumably while the hackers logged in on their side.

Luckily the server was wide open and Denley was able to find tools, logs, and even email addresses for the hackers.

Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins — logins-binance.com12754825.ml.

This domain has a different phishing kit to previous ones we’ve seen, as it changes the user sign-in journey to collect personal information to eventually use in social engineering methods — this server does not communicate with the Binance domain.

The code also sent emails to various bad actors. The domains he found, including the nonsensical com12754825.ml one, seem to have been shut down and emails to the embedded addresses went unanswered. As we see, security is almost 90% about making sure that login screens and URLs look right and the rest, it seems, is luck.

Denley is Director of Security at MyCrypto.com and he last reported on a massive hole in an open source paper wallet generator.

Header image via Coindesk Archive

The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
US Appeals Court Orders SEC to Bring Enforcement Actions to Jury Trials

The 5th Circuit Court of Appeals found that the targets of SEC enforcement actions had their constitutional rights violated by the use of in-house judges.

The 5th Circuit Court of Appeals found that the targets of SEC enforcement actions had their constitutional rights violated by the use of in-house judges.

2
First Mover Asia: Pine Wants to Test the Liquidity of the NFT Market; Cryptos Are Well-Red

The number of users on NFT markets is at its lowest point this year, but still higher than in 2021. The crypto lending platform sees an opportunity.

The number of users on NFT markets is at its lowest point this year, but still higher than in 2021. The crypto lending platform sees an opportunity.

3
CFTC Chair Indicates Agency Will Increase Crypto Enforcement: Report

Rostin Behnam said the agency was facing a rapidly increasing number of cases and would add resources to address crypto fraud.

Rostin Behnam said the agency was facing a rapidly increasing number of cases and would add resources to address crypto fraud.

4
LimeWire Signs Deal With Universal Music for Music NFT Licensing, Blockchain Gaming in Focus

The most valuable crypto stories for Wednesday, May 18, 2022.

The most valuable crypto stories for Wednesday, May 18, 2022.