Cyber Incident Victim: Binance
Date:
Jun 2021
Location:
United Kingdom
Summary
A U.K.-based artificial intelligence firm suffered unauthorized access to its Binance accounts, enabling attackers to sell over $2.6 million worth of cryptocurrency holdings at significantly reduced prices and transfer the proceeds to third-party accounts. The London High Court subsequently ordered Binance to identify and freeze the attackers' accounts, requiring the exchange to restrain further dealings with the stolen assets. Binance confirmed compliance with the order, citing existing security policies to freeze accounts involved in suspicious activity, and stated it was collaborating with the victim to recover losses. The incident occurred alongside another cryptocurrency exchange breach involving $612 million, where Binance was among the blockchains receiving stolen funds.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 6, 2021, unknown attackers compromised accounts belonging to Fetch.ai, a U.K.-based artificial intelligence firm, on the Binance cryptocurrency exchange platform. The attackers gained unauthorized access to Fetch.ai’s trading accounts, which held multiple cryptocurrencies including USDT (a dollar-pegged stablecoin), Binance Coin, and Bitcoin. They executed trades that sold Fetch.ai’s holdings at artificially suppressed prices, transferring the proceeds to third-party accounts believed to be controlled by the attackers or their collaborators. This fraudulent activity resulted in losses exceeding $2.6 million over a short timeframe. Fetch.ai filed a lawsuit against Binance in the London High Court, prompting the court to issue an order requiring Binance to identify and freeze the attackers’ accounts. The court mandated Binance to restrain recipients from disposing of traceable proceeds and to secure any identifiable assets remaining in recipient accounts. Binance confirmed it had existing policies to freeze accounts involved in suspicious activity and stated it was collaborating with Fetch.ai to recover the stolen assets.
The attackers exploited Fetch.ai’s trading accounts to liquidate cryptocurrency assets at “massive undervalues,” transferring funds to external accounts with no visible counterparty identification. The court noted the rapid depletion of assets caused significant financial harm to Fetch.ai. Concurrently, Binance was implicated in a separate cryptocurrency incident involving Poly Network, where $612 million was stolen and partially returned, with Binance listed as one of three blockchains receiving stolen funds. Blockchain analysis firm Elliptic reported the emergence of darknet tools enabling crypto launderers to test whether exchanges would flag illicit funds. Binance did not disclose technical details of the Fetch.ai account breach but reiterated its standard procedure of freezing suspicious accounts and assisting victims. Fetch.ai did not publicly comment on the incident or its collaboration with Binance following the court order.