Share this article
Security Researcher Tears Up a Binance Scam Site to Find the Hackers
Harry Denley, researcher for MyCrypto, found and dismantled a clever phishing site that targeted Binance users.
By John Biggs
Updated Sep 13, 2021, 9:16 a.m. Published Jun 3, 2019, 2:00 p.m.
In a six hour trek through an insecure server, security researcher Harry Denley was able to reconstruct - and apparently shut down - a clever phishing attack that is targeting users of the Binance crypto exchange.
His Medium post details the activity on a phishing site - logins-binance.com12754825.ml - that collected logins and two-factor codes from confused users. The server presented what looked like a standard Binance login and the user would type in their credentials and then be forced to wait, presumably while the hackers logged in on their side.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Luckily the server was wide open and Denley was able to find tools, logs, and even email addresses for the hackers.
Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins — logins-binance.com12754825.ml.
This domain has a different phishing kit to previous ones we’ve seen, as it changes the user sign-in journey to collect personal information to eventually use in social engineering methods — this server does not communicate with the Binance domain.
The code also sent emails to various bad actors. The domains he found, including the nonsensical com12754825.ml one, seem to have been shut down and emails to the embedded addresses went unanswered. As we see, security is almost 90% about making sure that login screens and URLs look right and the rest, it seems, is luck.
Denley is Director of Security at MyCrypto.com and he last reported on a massive hole in an open source paper wallet generator.
Header image via Coindesk Archive
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Dogecoin Hovers Near Key Support as Fed Easing Fails to Spark Risk Rally
Despite elevated trading activity, Dogecoin faces resistance near $0.1425, and its future movement is likely dependent on broader market sentiment.
What to know:
- The Federal Reserve's 25-basis-point rate cut has led to mixed market reactions, with Dogecoin trading quietly within its established range.
- Dogecoin's price remains stable between $0.13 and $0.15, with whale wallets accumulating significant amounts of the cryptocurrency.
- Despite elevated trading activity, Dogecoin faces resistance near $0.1425, and its future movement is likely dependent on broader market sentiment.
Top Stories
