Safe from account takeover attacks

Johannesburg, 07 Sep 2023
Be wary of suspicious e-mails or messages.
Be wary of suspicious e-mails or messages.

In the current era of digitalisation, where people store sensitive information online, account takeover (ATO) attacks have become a growing concern. Data breaches have increased, with attackers constantly looking for vulnerabilities to exploit. Due to the growing sophistication of attackers, the shift to remote work and digital transactions, and the increasing value of stolen data, the number of ATO attacks has also risen at an alarming rate.

To help users protect themselves against the rise of ATO attacks, Binance shares how ATO attacks work, how to identify them and their impacts.

What are ATO attacks and how do they work?

ATO attacks occur when an attacker gains unauthorised access to a victim’s online account, usually by stealing their login credentials. This could be done through various means, such as phishing scams, social engineering or brute force attacks.

Once the attacker has access to the account, they might be able to make purchases, transfer money or access sensitive information. As such, ATO attacks can have severe consequences for both individuals and businesses.

The goals of ATO attacks can vary depending on the attacker’s motives. Some common goals include:

  • Financial gain: The attacker could use the victim’s account to make purchases, transfer money or steal sensitive financial information.
  • Identity theft: The attacker steals the victim’s personal information, such as their name, address and social security number, to commit fraud.
  • Espionage: The attacker gains access to the victim’s account to steal sensitive information, such as trade secrets or confidential data.
  • Malicious activity: The attacker uses the victim’s account to engage in malicious activity, such as spreading malware or launching a DDOS attack.

Attackers use a variety of techniques to gain access to user accounts. Common attack techniques include:

  • Brute force attacks: The attacker uses automated tools to guess the user’s login credentials by trying many combinations of usernames and passwords.
  • Social engineering: The attacker tricks users into revealing their login credentials through deception or manipulation.
  • Phishing scams: The attacker sends an e-mail or message that appears to be from a legitimate source, such as a bank or a social media site, asking the user to click on a link and enter their login credentials.
  • Malware: The attacker may use malicious software (malware) to compromise the user’s device.
  • API attacks: The attacker uses, or attempts to use, an API in a hostile manner to gain access to the user’s data. These assaults attempt to exploit weaknesses in business logic, forcing APIs to behave in ways that their creators never intended.

Once the attacker has gained access to the account, they can change the password, lock the legitimate user out and take control of the account.

How to identify an account takeover attack

Detecting a potential ATO attack can be difficult, especially after the fact. Nevertheless, here are some common signs to keep an eye on.

Unusual activity

Watch out for unusual account activity, such as unauthorised purchases, changes to your account settings or unexpected logins from unknown devices. Login attempts from unknown locations or IP addresses may also indicate that someone is trying to break into your account.

Changes in account credentials

When an attacker successfully gains control of an account, they often try to alter the login credentials so that the original account owner can no longer access their account. In some cases, the attacker will make changes to multiple accounts simultaneously (eg, changing the credentials of your e-mail, social media and YouTube accounts). When similar changes are made across multiple accounts, it’s usually a clear indication that an account hacking has occurred.

Unknown devices

Cyber criminals frequently disguise the equipment they are using through a process known as device spoofing. The system will identify spoofed devices as “unknown”, making them more challenging to locate. An unusually high number of unknown devices linked to your account is a common sign of an impending ATO attack.

Multiple accounts from the same device

Occasionally, attackers don’t spoof or hide their devices when logging into various accounts. As a result, if the attacker accesses multiple accounts, they will all be connected to a single device.

How account takeover attacks can impact individuals and businesses

The impact of ATO attacks can be significant for both individuals and businesses. For individuals, the consequences can include financial loss, identity theft and reputational damage. For businesses, the consequences can include data breaches, financial loss, regulatory fines, reputational damage and loss of customer trust.

How to prevent account takeover attacks

ATO attacks are a growing concern for individuals and businesses. It’s essential to protect yourself by using protective measures like strong passwords, enabling two-factor authentication and being wary of suspicious e-mails or messages.

At Binance, our security teams constantly monitor suspicious activity and optimise security measures. Whenever we receive an ATO report from users, we carefully investigate the causes and do whatever we can to assist the victims.

While Binance does everything to help keep your account safe, you also have the power to take security into your own hands. By following precautions like the ones mentioned in this press release, you can help safeguard your sensitive information and reduce your risk of falling victim to an ATO attack. If you suspect that your Binance account might be compromised, contact customer support as soon as possible.



Binance is the world’s leading blockchain ecosystem and cryptocurrency infrastructure provider with a financial product suite that includes the largest digital asset exchange by volume. Trusted by millions worldwide, the Binance platform is dedicated to increasing the freedom of money for users and features an unmatched portfolio of crypto products and offerings, including trading and finance, education, data and research, social good, investment and incubation, decentralisation and infrastructure solutions, and more. For more information, visit

Risk Warning: Digital asset prices are subject to high market risk and price volatility. The value of your investment may go down or up, and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance is not liable for any losses you may incur. Past performance is not a reliable predictor of future performance. You should only invest in products you are familiar with and where you understand the risks. You should carefully consider your investment experience, financial situation, investment objectives and risk tolerance and consult an independent financial adviser before investing. This material should not be construed as financial advice. For more information, see our Terms of Use and Risk Warning.