Bitcoin
$64,194.62+1.57%
Ethereum
$3,073.81+0.57%
Binance Coin
$559.10+1.54%
Solana
$144.70+4.14%
XRP
$0.50450643+0.71%
Dogecoin
$0.15253787+1.68%
Toncoin
$6.21-2.32%
Cardano
$0.46895607+3.78%
Shiba Inu
$0.00002273+0.38%
Avalanche
$35.03+1.07%
Wrapped Bitcoin
$64,349.04+1.71%
Tron
$0.11006222+0.88%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Consensus 2024Price Increase Extension Ends In
01
DAY
01
HR
10
MIN
30
SEC
Markets

Security Researcher Tears Up a Binance Scam Site to Find the Hackers

Harry Denley, researcher for MyCrypto, found and dismantled a clever phishing site that targeted Binance users.

By John Biggs
AccessTimeIconJun 3, 2019 at 2:00 p.m. UTC
Updated Sep 13, 2021 at 9:16 a.m. UTC
Binance CEO Changpeng "CZ" Zhao
Binance CEO Changpeng "CZ" Zhao
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

In a six hour trek through an insecure server, security researcher Harry Denley was able to reconstruct - and apparently shut down - a clever phishing attack that is targeting users of the Binance crypto exchange.

His Medium post details the activity on a phishing site - logins-binance.com12754825.ml - that collected logins and two-factor codes from confused users. The server presented what looked like a standard Binance login and the user would type in their credentials and then be forced to wait, presumably while the hackers logged in on their side.

Luckily the server was wide open and Denley was able to find tools, logs, and even email addresses for the hackers.

1u_0fvlnqpcfw1qobhpc0ew

Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins — logins-binance.com12754825.ml.

This domain has a different phishing kit to previous ones we’ve seen, as it changes the user sign-in journey to collect personal information to eventually use in social engineering methods — this server does not communicate with the Binance domain.

The code also sent emails to various bad actors. The domains he found, including the nonsensical com12754825.ml one, seem to have been shut down and emails to the embedded addresses went unanswered. As we see, security is almost 90% about making sure that login screens and URLs look right and the rest, it seems, is luck.

Denley is Director of Security at MyCrypto.com and he last reported on a massive hole in an open source paper wallet generator.

Header image via Coindesk Archive

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about
ScamsNewsBinance