×
all 65 comments

[–]fuckveggiesgetbacon 15 points16 points  (9 children)

These guys definitely get it. This is how business should be done.

[–]ReportFromHell 5 points6 points  (7 children)

I can't believe they only launched last July. They just did everything right, while more established and experienced exchanges such as Coinbase, Bitstamp or Bitfinex are now looking like amateurs.

[–]csasker 2 points3 points  (5 children)

Bitfinex is at an whole other level, their trading engine and order types and so on is much better than Binance

[–]bg17aw 0 points1 point  (0 children)

Agreed, but many people are not aware of these things. Or that Bitfinex is using websockets for their API so it's much faster and so on

[–]gonzalez559 0 points1 point  (3 children)

Unfortunately us U.S. customers are banned from using Bitfinex so Binance is our next best option.

[–]csasker 0 points1 point  (0 children)

Yes, I also like Binance, but for doing this fine grained trading and really have control it's not the exchange

[–]cryptoworld0 0 points1 point  (1 child)

they can use bitfinex with a vpn but wouldn't be able to withdraw or deposit fiat.

[–]douser21 0 points1 point  (0 children)

It depends on the bank they're using . some of the banks won't allow people to withdraw from bitfinex or cryptocurrencies involved .

[–]Scafell1 0 points1 point  (0 children)

I do like how they handle their "hot situtations" but for trading I prefer Bitfinex, they UI and tools are a life saver.

[–]ididitdoit 0 points1 point  (0 children)

Every scenario of crisis should be trained, and they did.

[–]TriforceHunter 23 points24 points  (2 children)

Absolutely, well said. This will end up being a positive news event for Binance.

[–]danielscenery 15 points16 points  (0 children)

I agree. I wasn't affected but I found it super impressive. CZ and Binance seem like by far the most trustworthy and competent exchange

[–]yoyoyyyyyyyyyyyoo 18 points19 points  (3 children)

They really must have a top-notch development team to be able to do things like this. I couldn't agree more.

[–]cryptodisaster 9 points10 points  (0 children)

Couldn't have said it better! My account was credited with BTC at roughly the same value as my holdings at the time. Very pleased. Kudos Binance

[–]vels13 15 points16 points  (10 children)

They did this and they didn't even have to. People's accounts were compromised due to their own actions, Binance was under no obligation to give anything back to anyone but they still made it right for people.

[–]OwlCrypto 1 point2 points  (0 children)

I feel sorry for Binance. People need to try using a password manager, atleast that way it won't autofill their password if the site doesn't match. I don't know any of my passwords and I don't even know the password for my password manager.

[–]reddmon2 0 points1 point  (0 children)

I made it right. My VIA sells were reversed.

[–]bg17aw 0 points1 point  (0 children)

They didn't give back everything to everybody though: "There are still some users whose accounts where phished by these hackers and their BTC were used to buy VIA or other coins. Unfortunately, those trades did not execute against any of the hackers’ accounts as counterpart. As such, we are not in a position to reverse those trades. We again advise all traders to take special precaution to secure their account credentials.".

[–]cointrader17 0 points1 point  (6 children)

Not sure if you read but many people didn't have bots, or api . They had 2fa and various other security methods . So I'm sure many people didn't do this with their own actions.

Smh..

[–]vels13 5 points6 points  (5 children)

2FA does nothing if you go to a phishing site and enter youtr password/2FA. They can go in and create api keys once you've done that. So yes, you can be phished even with this stuff and yes it was their own action.

Smh

[–]cointrader17 1 point2 points  (1 child)

But come on all these people happen to be phised I seriously doubt it

[–]vels13 4 points5 points  (0 children)

have you ever spent any time here or on telegram. you would be appalled at the number of people that fall for these phishing sites. like ashamed of humanity appalled.

[–]wreckyCZ 0 points1 point  (1 child)

You need a new 2FA code to create API keys.

[–]Nick_85 2 points3 points  (0 children)

new 2FA code to crea

the fishing site asked for a second 2fa saying the first one was incorect and ofcourse asking to wait a bit (enough for them to log with the first key)

[–]Goldshredder 2 points3 points  (3 children)

I thought the creation of API keys involved having to enter the 2FA code again, and that you couldn't re-use the same 2FA code more than once because the system should say "wait for the next code".

I can't 100% remember now if Binance followed those basic security rules.

Perhaps it's other exchanges I'm thinking of that has those requirements. Which would be quite an oversight on Binance's part, if they did not.

[–]WillyWanchain 2 points3 points  (0 children)

I suppose a phishing website could give some "try again" error to trick people into entering 2 different 2FA codes.

Phisher uses the 1st code to login to the account, then the 2nd code to create the API key.

[–]chasingpackets 1 point2 points  (0 children)

You’re right, can’t use the same 2fa you used to login to create the API keys. Good point.

[–]Arksun76 -1 points0 points  (0 children)

If its like Google authenticate then you have up to a 30 second window before the 2FA number changes to a new one, more than enough time for the attacker to be logged into the account and activate the API.

What they could do is add an email confirmation as well like they do with withdrawals, though of course if the victims email account is also compromised there's not much that can be done then.

[–]aaldrich12345 1 point2 points  (0 children)

Phenomenal job by the binance team. I love the communication and transparency from the CEO himself when problems arise. Keep it up!

[–]Firestreak123 1 point2 points  (3 children)

I agree. They handled that situation very well and even wrote a detailed report of what happened to keep us all apprised. Kudos to them.

[–]9mmParabellum -1 points0 points  (2 children)

My ethereum was used on some shitty altcoins, but not on VIA. Stil no money back so not that cool...

[–]keith1024 1 point2 points  (1 child)

If you're saying you were victim to phishing that got the API keys added to your account, that's on you. Binance can only do so much.

[–]9mmParabellum -1 points0 points  (0 children)

I did not provide my API Keys, got 2fa. I only use mobile Phone and my desktop to trade on binance and only at my Home internet.

[–]codescloud 1 point2 points  (0 children)

I get your point, but you should try more advanced exchanges like Bitfinex.

[–]Arksun76 2 points3 points  (0 children)

Yup, must say I'm more confident in Binance than ever now. I'll never consider an exchange as a safe haven to store crypto on, but as far as exchanges go, Binance is now at the top for me.

[–]turtleturtlerandy 0 points1 point  (0 children)

I wasn't affected by this event but Binance gives me hope for the crypto world! Very professional and with constant communication.

[–]zorghee 0 points1 point  (0 children)

Couldn't agree more with you!

[–]konspirator01 0 points1 point  (0 children)

Wasn't affected but this resolution was better than I could've imagined. Why couldn't we have these guys run Mt. Gox?

Bought some BNB because I really believe and trust them now.

[–]nilonilo 0 points1 point  (0 children)

MY 2FA is not working now, cannot even login to account. Anyone else?

[–]fumdeiarba 0 points1 point  (0 children)

Good work Binance Team.

[–]Evil_jelly_ 0 points1 point  (0 children)

Yeah im so impressed with the way binance handles everything coming at them. So professional

[–]ch3weh 0 points1 point  (0 children)

I was hurt pretty badly by this, but I commend the work and comms from Binance in rectifying the situation.

I am slightly concerned as to how this happened in the first place, as I'm not convinced account phishing was the only culprit. I would also like email confirmations for API key creations.

But, all being said... nice work Binance.

[–]kriS411 0 points1 point  (0 children)

The exchange we need but don't deserve. Absolutely A+ performance by Binance on all levels. A true industry leader others have to look up to.

[–]22Rimfire 0 points1 point  (0 children)

This is why I dropped Poloniex and joined Binance. What a world of difference when it comes to customer service. Thanks Binance!

[–]NotHelpfulAdvice 0 points1 point  (0 children)

If they keep it up I see no reason why I'd ever use another exchange now. The only complaint I've ever had is their web browser can be a little rough on high volume but I suppose I'd be just overly critical there. They really do a good job with their customers.

[–]AmUsed__ 0 points1 point  (0 children)

That's how I realise how Bitgrail managers are amateurs from the very beginning

[–]Webguy13 0 points1 point  (3 children)

Nonsense, I contacted Binance as far back as the 5th Feb to warn them about this, as I was the first to pick up irregularities on thier platform... They called me and I quote "A Conspiricy theorist" and refused to look into it. In the weeks that followed their replicated database crashed and had to be restored from the Master. Then shortly after the so called "phishing scam" which I belive is utter BS. But they were warned well in advance, they did nothing.

[–]keith1024 0 points1 point  (1 child)

I don't think you understand how this "hack" went down. I say "hack", but this was not a hack (thanks media), this was just a good ol' case of social engineering taking advantage of the unsuspecting, careless, ignorant, or whatever. The phished accounts had API keys added, and then those keys sat there dormant, doing nothing, so there would've been no irregularities, as you call them, in this time. The irregularities occurred in one big move yesterday, and Binance locked that down in moments. Carry on watching Mr Robot though, it's a cool show.

[–]Agentjason23 0 points1 point  (0 children)

What he's saying is true, although I don't think he was the first I believe someone told them about it even earlier back in January, I will try to find the link.

[–]andrecaetano 0 points1 point  (0 children)

Take my upvote

[–]SayHonest 0 points1 point  (1 child)

where are the dudes claiming binance was behind all of this???

[–]OwlCrypto 1 point2 points  (0 children)

Crypto has attracted a lot of noobs and a lot of non savvy computer people which is good and bad, but a lot of people shouldn't be using exchanges as they don't know basic security principles. People shouldn't know any of their own passwords and they should use a password manager.

Binance is left to clean up their mess, luckily they were able to identify the naughtiest accounts and give people back BTC.

[–]Mr_Amo -3 points-2 points  (0 children)

Guys, friendly advice: don't buy back in! I don't want to spread any FUD but please, make sure that you have the below in mind before buying any crypto today or in the next few days.

  1. the hack happened and is still not fixed. All funds are not restored. There will be new dips and hyper volatility in the next few days! Instead, short sell and buy back cheaper later!

  2. Check the charts on Binance: price is gradually and slightly moving up but based on ridiculously low volumes. Purely artificial recovery then. When the bears come back massively, this artificial growth is going to crumble again in 10 minutes.

  3. Believe me, remove your assets and put them in safer exchanges for now.

  4. Binance is buying coins ATM to artificially sustain market caps. When they stop doing that, prices will drop again.

Wait a couple of more days buy when the dips. And don't forget to thank me when this happens.