All of these users’ altcoins—cryptocurrencies with small market caps compared to market leaders Bitcoin and Ethereum—had been sold for Bitcoin at market rates, they claimed on social media. The Bitcoin was then used to buy another small-cap virtual currency called Viacoin, users said, all without their knowledge. As a result, Viacoin's value spiked by roughly 9,900 percent, or 100 times its value before the irregular trades.
“In the morning today, all my altcoins (980 MTL and 200 AION coins) were sold automatically without me placing a sell order,” Sushant Sarin, a Twitter user who claimed their Binance account was drained, told me in an email. “Then VIA coins were bought when the price of VIA coin had skyrocketed to 0.025 BTC and my account balance dropped from 0.55 BTC to 0.04 BTC. I do not know what happened and how these purchases were made.”
Sarin’s losses amounted to .51 BTC, or roughly $5,000 USD, they claimed, and all they got in return was some Viacoin.
Binance maintains that the exchange was not hacked, and that an attacker may have instead accessed individual user accounts with credentials stolen through phishing attacks or via automated trading bots using the Binance API. Binance CEO Changpeng Zhao tweeted on Wednesday that the irregular trades were identified and will be reversed, neutralizing the attack. “All funds are safe, thanks to the fast alarm,” Zhao wrote. “Please learn to secure your accounts against phishing.”
“The only information we have to provide at the moment is that some users had their funds market sold and funnelled into VIA,” “Symbiotic,” the administrator of the official Binance Telegram channel and moderator of the exchange’s subreddit, wrote me in a Telegram message on Wednesday morning. “There is no evidence of the Binance platform being compromised. First impression is a user security issue, with the attacker collecting the users’ information over a period of time.”
Symbiotic wrote that so far victims had the Binance API enabled on their accounts or had it enabled by someone with access to their account. Later on Wednesday, Symbiotic confirmed this statement on the Binance subreddit and added that withdrawals on the exchange were temporarily disabled.
Sarin told me over email that they were not using the Binance API and did not know if their credentials had been previously phished, adding, “I am a supply chain consultant and not a stock trader or hacker!”
Viacoin has been around since 2014 and was stuck in a price slump for years until Wednesday’s incident. In the space of one minute the BTC price of Viacoin on Binance spiked nearly 9,900 percent before dropping. This led to speculation on social media that the scheme to buy Viacoin with other people’s funds was designed to artificially inflate the price of the coin so the attacker could cash out on the exchange at a high water mark.
“We feel a bit sad about the current situation because a lot of people come up with conspiracy theories that the Viacoin devs have to do something with it but we don’t have anything to do with it,” one of Viacoin’s developers, who goes by the pseudonym “Romano,” wrote me in an email. “We hope people will also see that they should never save their funds on an exchange when it is unnecessary, they might miss out on some trades but better be safe than sorry.”
While we still don’t know how this happened—although Binance accounts accessed using stolen credentials seems to be the most likely vector of attack—it’s yet another reminder that handling funds can come with a lot of risk in the world of digital currencies.
Get six of our favorite Motherboard stories every day by signing up for our newsletter .
CORRECTION: An earlier version of this article stated that the value of Viacoin spiked 100 percent. In fact it spiked 100 times its original value, which is a 9,900 percent increase. Motherboard regrets the error.