Binance clients targeted in $27M theft and unsuccessful $13M extortion attempt
Two multi-million dollar thefts against Binance clients, one successful and one only briefly successful, were identified over the weekend.
On-chain analyst ZachXBT reported on Nov. 11 that an attacker stole $27 million of Tether (USDT) one day earlier. He noted that the victim’s address is connected to the Binance deployer, an address used to create the company’s smart contracts.
Though some reports suggest that Binance’s own contracts were hacked, a Binance spokesperson suggested otherwise. In a statement to CoinDesk, they said:
“The user made a withdrawal from Binance, which was valid and authorized on our platform. Unfortunately, the DeFi wallet that received the withdrawal was compromised.”
The representative added that although the transfer is outside of Binance’s control, its security team is looking into the matter and would offer assistance if possible.
ZachXBT also revealed that the attacker swapped the stolen USDT for Ethereum (ETH) and then transferred the stolen amount to various crypto exchanges. Finally, the attacker bridged the funds to Bitcoin via Thorchain.
Though the theft itself occurred on Nov. 10, transactions linking the victimized wallet to the Binance deployer took place in 2022 or earlier.
Binance CEO reported $13M extortion
Binance CEO Changpeng Zhao separately reported a theft that targeted a number of individuals who remain unidentified. On Nov. 10, Zhao wrote:
“Executives from a client were lured on a ‘business trip’ to Montenegro, where they were abducted and forced to empty their wallets. Total loss [was about $12.5 million].”
Zhao said that the attackers transferred the stolen USDT to a Tron wallet. He said that Binance managed to freeze about $11.8 million with the help of its partners.
Accounting for time zone differences, it appears that Zhao reported this theft several hours before the on-chain timestamp of the larger theft. However, Zhao did not reveal the exact time of the attack, which may have taken place long before he disclosed it.
As such, the two attacks appear to be separate. It is unclear whether there is any relation between the two incidents beyond the fact that both attacks targeted Binance clients and concerned USDT amounts worth several million dollars.