Binance rewarded the investigators who aided in the identification of the phishing scam launched in the platform in 2018. Binance offered a $200K bounty reward after the incident. As stated in a blog post on their website on March 11, 2018 :
“ Binance is offering a $250,000 USD equivalent bounty to anyone who supplies information that leads to the legal arrest of the hackers involved in the attempted hacking incident on Binance on March 7th, 2018.
The first person to supply substantial information and evidence that leads to the legal arrest of the hackers, in any jurisdiction, will receive the equivalent of $250,000 USD in BNB. The exchange rate will be determined at the time of transfer.”
The phishing scam was carried out using a homoglyph attack where the attackers used a fake Binance website. This was further explained on their website posted on March 8, 2018.
“ The hackers’ accumulated user account credentials over a long period of time. The earliest phishing attack seems to have dated back to early Jan. However it was around Feb 22, where a heavy concentration of phishing attacks were seen using unicode domains, looking very much like binance.com, with the only difference being 2 dots at the bottom of 2 characters.”
True to its promise, Binance has released the $200,000 reward to the investigators who identified the actors who were behind the phishing attack. The identities of the private investigators were withheld from the public though. The culprits were later identified as Danil Potekhin and Dimitrii Kamasavidi, both Russians. Allegedly, they were also behind the attack against Bittrex, Poloniex, and Gemini which has resulted in accumulated losses of $17 million. Both were later charged by the U.S. Department of Justice (DoJ) in February and also sanctioned by the Department of the Treasury’s Office of Foreign Assets Control (OFAC) in September.
The attack on the exchange platform was unsuccessful.
“ Not only did the hacker not steal any coins out, their own coins have also been withheld. “
Phishing scam using the homoglyph attack is now on the rise. Several exchanges have fallen victims to it. Ripple was also victimized using the same phishing scheme in January 2020. Recently, Ledger customers lost 1,150,000 XRP to a similar attack.