A trader hacked his Binance account, following a loss of API keys on the trading service he was using. The criminals then used the victim’s account to manipulate the price of the AXS token, which saw a 200% increase in minutes.
API keys were leaked and a trader had his account hacked
On Sunday afternoon, a trader had the nasty surprise to see unwanted positions taken on your Binance account. The hack actually results in a data leak of the victim’s API keys, allowing him to link his Binance account to the trading service he was using:
I just got REKT. pic.twitter.com/iGOocFZynU
– CarlosOMFGtv (0%) (@CarlosOMFG) November 13, 2022
The hacker has thus opened more positions in order to manipulate the price of the AXS, the token of the blockchain game Axie Infinity. The price of the asset then recorded 200% progress. in the span of a few minutes before collapsing later and almost returning to the original level:
Figure 1 – AXS price in minutes at the time of the trade
The victim also explains which would have lost about $ 100,000 following this attack. It’s a safe bet that the hackers hoarded AXS in advance, to sell it as a result of their market manipulation.
👉 To go further – Find our guide on best practices to limit the risk of hacks
The French unicorn of crypto wallets 🔒
A complete crypto experience, from purchase to security
Binance is handling the case
If the victim’s funds were on Binance, it’s important to point this out the breach of security is not attributable to the platform.
Changpeng Zhao (CZ), the CEO of the exchange, made it clear that there would be at least three similar casesincluding the one discussed in this article:
We have seen at least 3 cases of users sharing their API key with third party platforms (Skyrex and 3commas) and we have encountered unexpected trades on their accounts. If you’ve used such a platform before, I highly recommend deleting your API keys just to be safe. 🙏
– CZ 🔶 Binance (@cz_binance) November 14, 2022
Losses are about people using the services of Skyrex and 3commas trading bot. CZ also indicated that Binance will investigate further:
“Carlos (the victim, ed) confirmed that the unknown orders were due to a leak in his API key. She only has one active API key and has been used on Skyrex, a cryptocurrency trading bot platform. We will try to deactivate all the API keys used by Skyrex, discovering now how to identify them. “
API connections in the cryptographic ecosystem
API connections they are useful for several scenarios in our ecosystem. For example, only reading our accounts on centralized platforms will be useful for solutions like Waltio, allowing us to centralize our transaction history in order to facilitate our tax return.
But a further use allows for example to do so granting permissions to trading bots or trading terminals, so you can remotely interact with an exchange. In this case, you need to precisely define the permissions you want to grant to this link:
Figure 2 – Configuring an API key on Binance
So there may be a point of failure in the third party service to which we have provided this connectionand this is what seems to have happened in the case set out above.
As with any project, these services must therefore also be subject an in-depth analysis before granting them access to our investments, to protect themselves from certain disappointments.
👉 Also in the news – FTX case – Binance offers an emergency fund for the entire crypto ecosystem
Join experts and a premium community
Invest in your cryptocurrency knowledge for the next bull run
Source: Binance, TradingView
Receive a cryptocurrency news summary every Monday via email 👌
What you need to know about affiliate links. This page presents assets, products or services related to investments. Some links in this article are affiliates. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and cannot be held responsible, directly or indirectly, for any damage or loss caused as a result of the use of a good or service highlighted in this article. Investments related to cryptocurrencies are risky by nature, readers should do their own research before taking any action and invest only within the limits of their financial capabilities. This article does not constitute investment advice.