Share this article
Security Researcher Tears Up a Binance Scam Site to Find the Hackers
Harry Denley, researcher for MyCrypto, found and dismantled a clever phishing site that targeted Binance users.
By John Biggs
Updated Sep 13, 2021, 9:16 a.m. Published Jun 3, 2019, 2:00 p.m.
In a six hour trek through an insecure server, security researcher Harry Denley was able to reconstruct - and apparently shut down - a clever phishing attack that is targeting users of the Binance crypto exchange.
His Medium post details the activity on a phishing site - logins-binance.com12754825.ml - that collected logins and two-factor codes from confused users. The server presented what looked like a standard Binance login and the user would type in their credentials and then be forced to wait, presumably while the hackers logged in on their side.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Luckily the server was wide open and Denley was able to find tools, logs, and even email addresses for the hackers.
Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins — logins-binance.com12754825.ml.
This domain has a different phishing kit to previous ones we’ve seen, as it changes the user sign-in journey to collect personal information to eventually use in social engineering methods — this server does not communicate with the Binance domain.
The code also sent emails to various bad actors. The domains he found, including the nonsensical com12754825.ml one, seem to have been shut down and emails to the embedded addresses went unanswered. As we see, security is almost 90% about making sure that login screens and URLs look right and the rest, it seems, is luck.
Denley is Director of Security at MyCrypto.com and he last reported on a massive hole in an open source paper wallet generator.
Header image via Coindesk Archive
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
These Three Metrics Show Bitcoin Found Strong Support Near $80,000
Onchain data shows multiple cost basis metrics confirm heavy demand and investor conviction around the $80,000 price level.
What to know:
- Bitcoin rebounded from the $80,000 region after a sharp correction from its October all time high, with price holding above the average entry levels of key metrics.
- The convergence of the True Market Mean, U.S. ETF cost basis, and the 2024 yearly cost basis around the low $80,000 range highlights this zone as a major area of structural support.
Top Stories
