Cyber Incident Victim: Fetch.ai

On June 6, 2021, attackers compromised accounts belonging to Fetch.ai, a U.K.-based artificial intelligence firm, on the Binance cryptocurrency exchange. The unauthorized parties gained access to Fetch.ai’s trading accounts, which held multiple cryptocurrencies including USDT (a dollar-pegged stablecoin), Binance Coin, and Bitcoin. The attackers executed trades at deliberately undervalued prices, selling Fetch.ai’s holdings rapidly and transferring the proceeds to third-party accounts believed to be controlled by the perpetrators. This activity resulted in losses exceeding $2.6 million over a short timeframe. The fraudulent trades exploited the operational design of Binance trading accounts, where counterparties remain unaware of the account holder’s identity during transactions. Fetch.ai subsequently filed a lawsuit against Binance, prompting the London High Court to intervene.

The London High Court ordered Binance to identify and freeze accounts holding the stolen assets, requiring the exchange to restrain recipients from disposing of traceable proceeds. Binance confirmed compliance with the order, citing existing security policies to freeze accounts involved in suspicious activity and emphasizing collaboration with Fetch.ai to recover lost funds. Court documents detailed that the attackers’ actions involved moving assets from Fetch.ai’s accounts to external accounts operated by or for the fraudsters. Concurrently, the broader cryptocurrency ecosystem faced another significant incident involving Poly Network’s $612 million breach, where Binance was among the blockchains receiving stolen funds—though this was unrelated to Fetch.ai’s case. Blockchain analysis firm Elliptic noted challenges in laundering large-scale stolen crypto assets, coincidentally reporting on darknet tools enabling criminals to test fund traceability around the time of Fetch.ai’s breach.