Binance will forcibly remove inactive API keys of users
Remote access to exchange accounts will be disabled if digital keys have not been used for 30 days.
Binance exchange has informed its users that it will be removing inactive API keys older than 30 days and non-whitelisted IP addresses. This was reported by cryptocurrency journalist Colin Wu on Twitter (the social network is blocked in Russia).
API (Application Programming Interface) is a tool that allows connecting to exchange servers and using the data obtained from there in external applications. By connecting to the API, you can view wallet information, including transaction data, make trades, deposit and withdraw funds through third-party programs. An API key is a digital code that allows an external program to perform actions on the exchange on behalf of the user.
The recent leak of API keys has led to malicious actors trading on various cryptocurrency exchanges on behalf of users whose keys were compromised.
The first victims of the new hackers were clients of the FTX exchange, who began reporting account theft and loss of funds in mid-October. On this platform, hackers used the trading pair DMG/USD (DMG - DMM Governance, a governance token) in their scheme. On October 24, the founder of the American exchange, Sam Bankman-Fried, announced that FTX would provide about $6 million in compensation to account holders affected by the incident.
After the FTX customer hacks, the cryptocurrency algorithmic trading platform 3Commas, which was used by some of the affected exchange clients, warned of a compromise of several users' API keys, which were subsequently used to carry out unauthorized transactions.
According to 3Commas, the data theft occurred outside of their system as a result of a phishing attack conducted on fake websites that imitated the 3Commas resource. The company assured that there were no security breaches in the account security systems and API encryption of 3Commas and partner exchanges.
Hackers who stole funds from FTX exchange users also targeted the Binance US and Bittrex platforms, according to X-explore, a company that detected suspicious transactions at the end of October. According to analysts, more than 1,000 ETH ($1.4 million) was stolen from the US-based Binance platform. The hackers also stole 301 ETH ($400,000) from the Bittrex exchange.
For a long time, Binance showed no noticeable reaction to these hacks. Only in mid-November did Changpeng Zhao announce that at least three cases had been detected where users shared their API keys with third parties (Skyrex and 3Commas platforms), after which unexpected trading was observed from their accounts. Zhao strongly recommended that users who previously used these platforms remove such keys.
In December, Binance users began to report unauthorized trading activities on their accounts. Everyone who encountered this issue used 3Commas. It turned out that funds from clients who had issued API keys with trading access through this platform were used to artificially inflate the price of low-liquidity tokens that were previously purchased by hackers.
A trader widely known in the crypto community under the pseudonym CoinMamba began actively complaining that Binance was not responding appropriately to the loss of funds by users due to the theft of their API keys. As a result of his dispute with customer support and Zhao, CoinMamba's account on Binance was blocked.
The situation gained wide publicity as CoinMamba has a large active audience on social media. The cryptocurrency exchange had to take a closer look at the problem and take active steps to solve it.