The Binance exchange informed users that it will delete inactive API keys older than 30 days and IP addresses that are not whitelisted. This was reported by crypto journalist Colin Wu on Twitter (the social network is blocked in Russia).
An API (Application Programming Interface) is a tool that allows users to connect to the exchange's servers and use the data received from them in external applications. Through the API, third-party programs can view information about the wallet, including transaction data, make transactions, and deposit and withdraw funds. An API key is a digital code that allows an external program to perform actions on the exchange on behalf of the user.
The recent leak of API keys allowed attackers to trade on various crypto exchanges on behalf of the users whose keys they held.
FTX exchange clients were the first to be hit by the attackers: they started reporting account thefts and loss of funds in mid-October. On this platform, the hackers used the DMG/USD trading pair (DMG is the DMM Governance token) in their scheme. On October 24, the founder of the American stock exchange, Sam Bankman-Fried, said that FTX would provide about $6 million in compensation to account holders affected by the incident.
After the FTX clients were hacked, 3Commas, an algorithmic cryptocurrency trading platform used by the exchange clients who lost funds, warned that a number of its users' API keys had been compromised and subsequently used to make unauthorized transactions.
According to 3Commas, the data theft occurred outside its system, as a result of a phishing attack carried out through fake websites imitating the 3Commas site. The company assured that there had been no breaches of the account security and encryption systems of the 3Commas API or of partner exchanges.
The hackers who stole funds from FTX exchange users also attacked the Binance US and Bittrex platforms, the company X-explore, which discovered suspicious transactions, reported at the end of October. According to its analysts, more than 1 thousand ETH ($1.4 million) were stolen from the American Binance platform. The attackers stole 301 ETH ($400 thousand) from the Bittrex exchange.
For a long time Binance showed no noticeable reaction to these hacks. Only in mid-November did Changpeng Zhao report that at least three cases had been discovered in which users shared their API keys with third parties (the Skyrex and 3Commas platforms) and afterwards observed unexpected trading on their accounts. Zhao strongly recommended that users who had previously used these sites delete such keys.
In December, Binance users began to complain en masse about unauthorized trading operations on their accounts. Everyone who encountered this had used 3Commas. It turned out that the funds of customers who had issued API keys with trading access through this platform were used to artificially inflate the price of low-liquidity tokens that the attackers had purchased in advance.
A trader widely known in the crypto community under the pseudonym CoinMamba began to complain actively that Binance was not responding properly to users' loss of funds caused by the theft of their API keys. As a result of his dispute with tech support and Zhao, CoinMamba's account on Binance was blocked.
The situation was widely publicized, since CoinMamba has a large, active audience on social networks. The crypto exchange had to pay more attention to the problem and begin taking active steps to solve it.