Binance has found itself at the center of an unusual trading bug that has created big winners and losers. In a matter of minutes, viacoin pumped by 70x. Just to compound the drama, bitcoin experienced a massive sell-off shortly afterwards following bearish news from the SEC. Binance suspended withdrawals while it investigated the matter, but these have since been reactivated. Wednesday March 7 will go down as a memorable day in the exchange's short history, but one with a happy ending.
Viacoin Goes on a Moon Mission
Pump and dump schemes are not unusual on cryptocurrency exchanges, but this wasn't a usual pump. This was a mega pump which sent viacoin from $3 to $200 in record time. Binance wasn't hacked. Rather, a compromised API is the culprit behind what was an extremely clever attack. First, the bot sold all the altcoins in accessible accounts at market prices, causing a sea of red. Then, it took the BTC profits and put them into viacoin. It may have occurred illegally, but if ever there were a case of a moon mission, this was it, as one Twitter user memorably depicted, the green candle standing proud in the center:
The candle viacoin produced was a spectacular one, as the misappropriated crypto of potentially hundreds of traders was used to send the coin sky-high. One trader boasted of having made $300,000 in BTC from the pump and then withdrawing it to Coinbase before Binance caught on and disabled withdrawals. The user's Twitter account disappeared shortly afterwards. Another reportedly lost 0.5 BTC, although Binance has since restored all customer funds.
Bots Blamed for Beastly Binance Bug
Altcoinbot.io has been suggested as the likeliest culprit behind the scam. Typically, such bots require traders to submit an API key linked to an exchange. This key permits the bot to make trades on their behalf, but not withdrawals, hence the pattern of dumping affected users' altcoins and then pumping VIA. As the mother of all pumps unfolded, viacoin dev Romano was forced to go on the defensive, with some people suggesting the scheme was of his doing.
The conspiracy theories were bolstered by the fact that Romano had spoken of tinkering with his own trading bot in the last few days. He seems to have had no inkling of this event in advance, however, and there is no evidence that points to his involvement. "At least the hacker has a good taste," he wisecracked, adding "Jokes aside I have nothing to do with Binance acting weird. If rumors are true, kinda wish they bought another coin instead of Viacoin. Probably they chose the coin with the lowest marketcap, being the easiest to buy up."
We are investigating reports of some users having issues with their funds. Our team is aware and investigating the issue as we speak. As of this moment, the only confirmed victims have registered API keys (to use with trading bots or otherwise). There is no evidence of the Binance platform being compromised. Please remain patient and we will provide an update as quickly as possible. Withdrawals are temporarily disabled at this time.
Some of the affected users are adamant that they have never used the Binance API, but the exchange's CEO attributed this to previous phishing attacks. More sophisticated than a conventional phishing attack, this instance would steal a user's login details via a virtually indistinguishable URL then redirect them to the real Binance site. The attacker would have been none the wiser that their account had been compromised until today.
Bitcoin Dumps Amidst the Chaos
Bots Blamed for Binance Bug That Leaves Traders Counting the CostIn a dramatic day for the markets, bitcoin dropped sharply to under $10,000 as the full scope of the Binance incident was still sinking in. Altcoins have also been badly affected, not only on Binance, but across the board. Bitcoin's sharp dip does not necessarily correspond to the goings on at Binance – the SEC releasing a directive regarding unlawful trading platforms is a likelier cause – though the incident can't have helped. If a trading bot is proven to be responsible, it may cause traders to think twice about who they hand their API keys to in future. Third party platforms might be incapable of accessing users' funds, but they can still wreak havoc as today's events show.
