Just a few weeks after a major cryptocurrency exchange was hacked, Harry Denly, a security researcher at MyCrypto.com, has uncovered what seems to be a scam site created by hackers to deceive Binance users.
The researcher made this discovery during a six-hour survey of an insecure server, in which he was able to recreate and eventually close down a phishing attack targeted at users of the Binance exchange.
In a Medium post, Harry disclosed details of the activity on the phishing site. The login details were seen at logins-binance.com12754825.ml and were apparently logins and 2FA codes collected from confused users.
According to Harry, the site looked exactly like a Binance login page. Unaware users enter their login details and then experience a short delay in logging in; during this delay, the hackers would have collected the details and logged in to the users' accounts. Fortunately, while going through the server, Harry found it wide open, with the hackers' tools, logs and e-mail addresses exposed.
According to Harry:
“Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins — logins-binance.com12754825.ml.
This domain has a different phishing kit to previous ones we’ve seen, as it changes the user sign-in journey to collect personal information to eventually use in social engineering methods — this server does not communicate with the Binance domain.”
Harry also disclosed that the code he discovered apparently sends e-mails to bad actors. The domains he found appeared to have been shut down, and e-mails sent to the addresses he found on the server had not been answered.
[Image: the server, as shown in the Medium post]
Harry Denly also reportedly discovered a similar occurrence, which he described as a massive hole in an open-source paper wallet generator.