The Binance exchange, which announced a reward for information on the recent hack, has reported the first results of its investigation.
Hackers obtained access to API keys from user accounts through a large-scale phishing attack and used them to manipulate the market. According to Binance, a group of intruders is behind this attack, although the possibility that it was carried out by one person is not excluded.
Binance provides a list of addresses that hosted the copies of exchanges used during the phishing attack. Curiously, they include copies not only of Binance, but also of Bitstamp, Bittrex, Coinone, Etherdelta, Gemini, HitBTC, Poloniex, and some other exchanges and cryptocurrency services.
Most of the domains are registered under two names: Sergey Kireev and Victoria Belinskaya. One of these registrants can also be associated with the creation of phishing copies of the Bittrex exchange in August 2017.
The IP address used to create the API keys (18.104.22.168), according to the exchange's information, is located in Lipetsk, Russia. Binance admits that the hackers could have used a VPN or another service to hide their real location, while noting that it can be argued with a high degree of confidence that the attack came from Eastern Europe.
The company also identified several suspicious Viacoin transactions that took place 1-2 hours before the incident. In total, 31 suspicious transactions were identified, amounting to 4,000 VIA. All of them were made within 200 blocks.