Skip to Content

1396k_вњґпёџhq_crypto_target_combolistвњґпёџbinance,_ic...

: The bot automatically attempts to log in to high-value sites like Binance using every pair in the list [4].

: Enable hardware-based (YubiKey) or app-based (Google Authenticator) MFA. Avoid SMS-based MFA, as it is vulnerable to SIM swapping [7].

: If a user reused a password from an old breach on their Binance account, the attacker gains access to their funds [5]. Immediate Risks and Mitigation : The bot automatically attempts to log in

In cybersecurity, a "combolist" is a text file containing lists of login credentials stolen from previous data breaches [1, 2]. This specific list is marketed or shared in underground forums with several key characteristics:

: An attacker loads the 1.39M credentials into a "checker" or "sentry" bot [2]. : If a user reused a password from

: "1396K" indicates the list contains approximately 1.39 million pairs of credentials [2].

Cybercriminals use these lists in attacks: : "1396K" indicates the list contains approximately 1

: The list is likely compiled from breaches of crypto-adjacent websites (forums, news sites, or smaller exchanges), under the assumption that users often reuse passwords across different financial platforms [1, 4]. How the Attack Works

Recent Posts

//z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=f0b4d8e9-228f-4af2-afbc-69062252466b
//z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=f0b4d8e9-228f-4af2-afbc-69062252466b