To access www.binance.com，please pay attention to below security rules：
One more rules shall be noted：
Don’t enable API if it was not required.
User may be attacked by phishing website via search engine referrals,browser plugins/extensions,third party or invalid apps。
- Risky search engine referalls, navigate user to phishing website
- Risky brower plugins/extensions, navigate user to phishing website
- Risky email with phishing link
- Some users may install third party application to manage their investment portfolios, or install invalid APP from app store.
Phishing websites may induce user to expose their confidential information such as password, 2FA code. Therefore, Hackers can steal users’ coins through API withdrawls, abnormal buy/sell orders.
Below logs illustrate a phishing attack through searching engine referrals：
Server logs listed the process of coins stolen:
- Login: 220.127.116.11 2018-02-05 09:54
- Modify API: 18.104.22.168 2018-02-05 10:00
- Confirm API withdraw: 22.214.171.124 2018-02-05 10:01
- Login: 126.96.36.199 2018-02-05 10:02
- Complete API withdraw: 188.8.131.52 2018-02-05 10:02
- Delete API: 184.108.40.206 2018-02-05 10:03
One victim attacked by phishing website described details as blow:
Appendix suspicious phishing website list