Some of the affected users are adamant that they have never used the Binance API, but the exchange’s CEO attributed this to previous phishing attacks. More sophisticated than a conventional phishing attack, this instance would steal a user’s login details via a virtually indistinguishable URL then redirect them to the real Binance site. The attacker would have been none the wiser that their account had been compromised until today.

Quite a phishing attack. Why is the exchange using a web interface, a JavaScript browser, to collect keys? Think. The end point will be a direct message from secure element to secure element.
We need an intermediate method, hmm. The trader needs a mechanism that checks the URL before delivering any key.
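One way to build the URL check described above, as an added example that is not from the original post or from Binance: a key is bound to the exact origin it was registered for and is released only on an exact match after the URL parser has normalised the hostname. The names `vault`, `originOf` and `releaseKey` and the key value are hypothetical and constructed for illustration.

```javascript
// Constructed vault: each key is bound to the one origin it was registered for.
const vault = new Map([
  ['https://www.binance.com', { apiKey: 'EXAMPLE-KEY-NOT-REAL' }],
]);

// Reduce a URL to scheme://host[:port]. The WHATWG URL parser lowercases the
// host and converts internationalised names to their ASCII (xn--) form, so a
// Unicode lookalike hostname never compares equal to the ASCII original.
function originOf(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return null; }
  if (u.protocol !== 'https:') return null;   // never release over plain HTTP
  if (u.username || u.password) return null;  // reject "real-host@other-host" URLs
  return u.origin;
}

// Decide whether the page at rawUrl may receive a key, and say why not.
function releaseKey(rawUrl) {
  const origin = originOf(rawUrl);
  if (origin === null) {
    return { released: false, reason: 'invalid-or-insecure-url' };
  }
  const entry = vault.get(origin);            // exact match only, no substring tests
  if (!entry) {
    const labels = new URL(origin).hostname.split('.');
    const idn = labels.some((label) => label.startsWith('xn--'));
    return {
      released: false,
      reason: idn ? 'idn-lookalike-host' : 'origin-not-registered',
    };
  }
  return { released: true, apiKey: entry.apiKey };
}

// Constructed inputs: the real origin, a Unicode lookalike, and a suffix trick.
console.log(releaseKey('https://www.binance.com/en/login'));
console.log(releaseKey('https://www.b\u1ecbnance.com/en/login'));
console.log(releaseKey('https://www.binance.com.example.net/login'));
```

The check keys on the parsed origin, not on what the address bar looks like, which is what a visually identical URL defeats.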