Binance CEO Changpeng Zhao (CZ) has addressed concerns regarding the exchange’s investigation of “abnormal price movements” for some trading pairs.
Based on our research so far, this appears to be just market action. One man deposited funds and started buying. (Hackers don’t deposit). Other men followed. I don’t see links between accounts. 1/3 https://t.co/QlB1VnlHVs
— CZ🔶 Binance (@cz_binance) December 11, 2022
CZ reported that the company has temporarily locked withdrawals for “some profitable accounts” that have sparked complaints on social media.
In a statement, CZ said:
“We recognize concepts such as too much intervention from the platform and ‘too centralized’ attacks. There is a balance in the amount of intervention. Sometimes these things happen in the free market and we have to let it unfold. ”
Binance’s official Twitter account announced that the suspicious activity that caused concern on social media was not due to the account being hacked or stolen API keys, but that the funds were “SAFU”.
This activity does not appear to be due to compromised accounts or stolen API keys. Funding is SAFU.
I will update this thread with any new information.
— Binance (@binance) December 11, 2022
However, futures trader and crypto investor CoinMamba said on Dec. 8 that his Binance account was hacked via an API created two years ago and submitted exclusively to crypto trading software provider 3Commas. He revealed a different perspective on the situation when he declared that
The API was only sent to 3Commas and nowhere else. I created an account there and haven’t used it since. Similarly, if you submit an API, you should immediately remove it from your Binance account.
— Coinmamba (@coinmamba) December 8, 2022
CZ replied to CoinMamba, explaining that Binance “confirmed multiple cases related to 3Commas,” claiming users were phished.
I hadn’t used 3Commas in almost two years and didn’t even remember having an account with 3Commas. This is definitely not a case of phishing.
Also, I didn’t have an IP whitelist for my API key, but for some reason it remained active. They should have been disabled by you.
— Coinmamba (@coinmamba) December 9, 2022
Phishing attacks are an ongoing theme, with users falling prey to phishing attacks targeting crypto services such as 3Commas, as seen on exchanges such as FTX and Binance in October.
CoinMamba dismissed the notion that this was a phishing incident, but 3Commas Full Survey Blog Post The December 10 API key attack describes the latest evolution of “phishing.”
“Over time, phishing has evolved to introduce new attack vectors, such as paying to promote fake websites that rank high in search engines, or embedding malware as part of an attack. Phishing is also known to target specific groups of people, wealthy individuals and even businesses (known as “spear phishing” or “whale phishing”). increase)”
Despite 3Commas posting an investigation, concerns about stolen API keys only increased as more Twitter users disclosed the loss and described 3Commas as “insecure.”
I forgot that on December 6, 2022, the 3Commas API (free account) that I set up over 2 years ago suddenly became active and started performing fraudulent transactions on my Binance account.
– $155,000 loss (reverse trade)
3Commas failed to protect customer API data. 3 commas are unsafe: pic.twitter.com/KkhVwVM9YA
— Joel (@akng1985) December 7, 2022
Even on-chain detective ZachXBT joined the discussion.
And 3Commas keeps claiming people were just “phished” lol pic.twitter.com/Ka7HI53oAL
—ZachXBT (@zachxbt) December 8, 2022
We doubt that the funds are “SAFU” as there is a lot of evidence confirming stolen API keys at 3Commas, loss of funds by multiple users, and vulnerabilities in current API data.
After a Twitter debate between CoinMamba and CZ came to a conclusion, comments deleted by CZ revealed retaliatory comments suggesting the “offboarding” of both 3Commas and CoinMamba’s Binance accounts.
Deleted the tweet. But CT remembers.. pic.twitter.com/p5nkeDmhe1
— Coinmamba (@coinmamba) December 9, 2022
On December 9th, CoinMamba’s announced that the Binance account was closed and received an clarification response from Binance’s customer support Twitter account.
Your account is in withdrawal-only mode. This decision was made in response to the threats you made to our CS and has nothing to do with our conversations on Twitter. We assembled her team of over 20 case agents to try and help our customers. I’m sorry for this result, but I wish you the best of luck. pic.twitter.com/lTkKy2WnJS
— Binance Customer Support (@BinanceHelpDesk) December 9, 2022