Remote access to exchange accounts will be disabled if digital keys have not been used within 30 days
Binance has informed users that it will remove inactive API keys that are older than 30 days and not tied to whitelisted IP addresses. This was announced by crypto journalist Colin Wu on Twitter.
Binance recently told users that it will delete inactive API keys older than 30 days and not whitelisted IPs. Previously, trading robots such as 3Commas were suspected of leaking API KEYs because users logged in to phishing websites. Exclusive https://t.co/jfGU0JoqYw
— Wu Blockchain (@WuBlockchain) December 20, 2022
API (Application Programming Interface) is a tool that allows you to connect to the exchange servers and use the data received from there in external applications. By connecting to the API, you can view wallet information, including transaction data, make transactions, deposit and withdraw funds through third-party programs. An API key is a digital code that allows an external program to perform actions on the exchange on behalf of the user.
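The 30-day rule from the announcement, applied to a key inventory as an added example (not code from Binance or from the original article). The record fields and sample keys are constructed, and reading the rule as "older than 30 days, unused for 30 days and without an IP whitelist" is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

MAX_IDLE = timedelta(days=30)  # threshold taken from the announcement

@dataclass
class ApiKey:  # hypothetical inventory record, not an exchange API schema
    label: str
    created: datetime
    last_used: Optional[datetime]                   # None = never used
    ip_whitelist: list = field(default_factory=list)
    permissions: set = field(default_factory=set)   # e.g. {"read", "trade", "withdraw"}

def audit(keys, now):
    """Return {label: [findings]} for keys that need attention."""
    report = {}
    for k in keys:
        findings = []
        old = now - k.created > MAX_IDLE
        idle = k.last_used is None or now - k.last_used > MAX_IDLE
        if old and idle and not k.ip_whitelist:
            findings.append("stale: matches the announced deletion rule")
        # The incidents in this article involved leaked keys with trading
        # access; an IP whitelist limits where such a key can be used from.
        risky = k.permissions & {"trade", "withdraw"}
        if risky and not k.ip_whitelist:
            findings.append("no IP whitelist with: " + ", ".join(sorted(risky)))
        if findings:
            report[k.label] = findings
    return report

# Constructed sample inventory (labels, dates and addresses are made up).
NOW = datetime(2022, 12, 20, tzinfo=timezone.utc)
SAMPLE = [
    ApiKey("old-bot", NOW - timedelta(days=200), NOW - timedelta(days=90), [], {"read", "trade"}),
    ApiKey("tax-export", NOW - timedelta(days=400), None, [], {"read"}),
    ApiKey("grid-bot", NOW - timedelta(days=60), NOW - timedelta(days=1), ["203.0.113.10"], {"read", "trade"}),
    ApiKey("new-key", NOW - timedelta(days=5), None, [], {"read", "trade"}),
    ApiKey("pinned-idle", NOW - timedelta(days=100), NOW - timedelta(days=45), ["203.0.113.10"], {"read"}),
]

if __name__ == "__main__":
    for label, findings in audit(SAMPLE, NOW).items():
        print(label, "->", "; ".join(findings))
```

A key that is recent or still in use can be flagged for its missing whitelist without matching the deletion rule, which is why the two findings are reported separately.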
After a recent leak of API keys, attackers traded on various crypto exchanges on behalf of the users whose keys they had obtained.
The first to be hit by the new hackers were FTX clients, who began reporting account theft and loss of funds in mid-October. On this platform, the hackers used the DMG/USD trading pair (DMG – DMM Governance, governance token) in their scheme. On October 24, the founder of the American exchange, Sam Bankman-Fried, said that FTX would provide about $6 million in compensation to account holders affected by the incident.
In the aftermath of the FTX client hacks, 3Commas, an algorithmic cryptocurrency trading platform that lost funds to exchange clients, warned that a number of user API keys had been compromised, which were subsequently used to make unauthorized transactions.
The 3Commas team was made aware of an unlawful trading event involving the usage of a partner exchange’s API keys that had been taken from 3Commas users on October 20. Through a phishing attempt on fake websites designed to seem like the 3Commas interface, the theft took place away from the 3Commas system. Both 3Commas’ account security and API encryption systems as well as the account security and API encryption systems of our partner exchanges have not been compromised.
According to 3Commas, the data theft occurred outside of their system as a result of a phishing attack carried out on fake sites imitating a 3Commas resource. The company assured that there were no breaches in the account security and encryption systems of the 3Commas API and partner exchanges.
At this time, just three people claim to have been impacted. We have confirmed that some people who are claiming to be victims of this phishing attack on social media platforms are not clients of 3Commas. They are making contradictory and misleading claims about the facts.
The hackers who stole funds from users of the FTX exchange also attacked the Binance US and Bittrex platforms, X-explore, which discovered the suspicious transactions, reported at the end of October. According to analysts, more than 1,000 ETH ($1.4 million) was stolen from the American platform Binance. Attackers stole 301 ETH ($400,000) from the Bittrex exchange.
Binance did not show any noticeable reaction to these hacks for a long time. Only in mid-November did Changpeng Zhao report that at least three cases had been discovered in which users shared their API keys with third parties (the Skyrex and 3Commas platforms) and then observed unexpected trading from their accounts. Zhao strongly recommended that users who had previously used these sites remove such keys.
Exchanges offer API interfaces for withdrawing funds, requesting assets, and conducting high-frequency and quantitative transactions to assist users and market makers. Additionally, DEX platforms like dYdX offer an API interface.
As a result, various trading robot services are available on the market that can perform grid trading, quantitative trading, and historical data simulation testing. Well-known platforms include 3Commas, Cryptohopper, and Quadency. APIs can also be used to implement tax calculation features and produce yearly tax reports for users; TokenTax and CoinTracker are two well-known platforms.
In December, Binance users started complaining en masse about unauthorized trading on their accounts. Everyone who encountered this had used 3Commas. It turned out that the funds of clients who had issued API keys with access to trading through this platform were used to artificially inflate the price of low-liquidity tokens that the attackers had bought in advance.
A trader, widely known in the crypto community under the pseudonym CoinMamba, began to actively complain that Binance did not respond properly to the loss of funds by users due to the theft of their API keys. As a result of his dispute with tech support and Zhao, CoinMamba’s Binance account was suspended.
The exploits involving 3Commas affected users on several platforms, not only CoinMamba. More than a dozen users have accused the cryptocurrency trading site of disclosing their login information and allowing thieves to take their money. The CEO of the site, on the other hand, dismissed those accusations as “false rumors.” The exploits affected other exchanges in addition to Binance.
“There is absolutely no way for us to be confident users didn’t steal their own API keys,” CZ stated in response to CoinMamba on Friday. Following that, CoinMamba began tweeting frequently, calling CZ “greedy” and asserting that “all of these exchanges are sketchy.”
This type of communication has to be done through email and not on CZ’s twitter account. Not everyone is using Twitter and even those who use can still miss it like me. Binance should take action and be more responsible in helping users to secure their funds. https://t.co/tmTEujuZZ1
— CoinMamba (@coinmamba) December 8, 2022
The situation has received wide publicity as CoinMamba has a large active audience on social networks. The crypto exchange had to take a closer look at the problem and take active steps to solve it.