A cryptocurrency exchange is offering a $250,000 bounty for information that leads to the arrest of individuals who perpetrated a hacking attack against its users.
The first person to provide information that leads to the arrest of those behind a recent security incident will receive the bounty, Binance announced in a statement on 11 March. It’s possible that the cryptocurrency exchange could split up the bounty between multiple parties if the information leading to the attackers’ arrest comes from more than one individual.
On 7 March, many Binance users reported problems involving their accounts’ alternative coin amounts and the appearance of a suspicious trading API. The cryptocurrency exchange looked into the matter and determined that nefarious individuals had spent weeks phishing for users’ credentials and biding their time. They then attempted to coordinate a mass sell-off of alt-coins for Bitcoins and transfer those funds into their accounts.
Fortunately, the cryptocurrency exchange was able to freeze the coins deposited by the bad actors and to refund an equivalent amount in Bitcoins to affected users’ accounts. It wasn’t able to reverse a smaller number of transactions involving the use of Bitcoin to purchase alternative coins, however.
Binance is framing the bounty as part of a strategy to prevent similar security incidents from occurring in the future:
To ensure a safe crypto community, we can’t simply play defense. We need to actively prevent any instances of hacking before they occur, as well as follow through after-the-fact. Even though the hacking attempt against Binance on March 7th was not successful, it was clear it was a large-scale, organized effort. This needs to be addressed.
Towards that end, Binance is offering an additional $10 million for future bounty rewards that help prevent these types of attacks. It’s also inviting other cryptocurrency exchanges to join its platform.
Those with any information on the 7 March Binance security incident are asked to contact their local law enforcement agencies and to email firstname.lastname@example.org.