Hack Alert: Binance's API Is Compromised, Here's What You Need to Do
After the recent suspicious hack of the FTX exchange, Binance users with a large portfolio on the exchange reported that someone got access to his account and placed a massive order on AXS token, buying $1 million worth of the digital assets. However, Binance is not to blame.
In a Twitter thread, the CEO of the exchange himself posted his concern about the situation and stated that Binance is trying to understand what might be the issue. Shortly after, CZ came up with an explanation, confirmed by the user, who almost lost his funds.
Carlos confirmed the unrecognized orders were due to his API key leakage. He only has one active API key and it was used on Skyrex, a crypto trading bot platform. We will try to disable all API keys that was used by Skyrex, figuring out how to identify them now. — CZ 🔶 Binance (@cz_binance) November 14, 2022
The root of the problem is Binance's API key used for placing orders via various accounts, managing solutions like trading bots or platforms that have more advantages compared to the traditional trading desk.
The Skyrex crypto trading bot was the solution used by the Binance user who had to close an unwanted position of AXS. However, the API leak might not be tied to the project but to the user himself, who could have accidentally leaked it. If Skyrex is the source of the leak, users should immediately revoke APIs through their account setting on Binance to avoid potential issues with their accounts.
According to CZ's statement, they will disable all API keys used by Skyrex even without action from their users to avoid the further aggravation of the leak. Reportedly, only one account became a victim of hackers, but it is not clear whether they gained access to the funds of other prominent users or not.
At press time, the token purchased by hackers has returned to its usual trading range regardless of the massive 171% spike.Source