[ad_1]
Changpeng Zhao (CZ), the CEO of Binance, has addressed concerns surrounding the investigation into âabnormal price movementsâ for some trading pairs on the exchange.
Based on our investigations so far, this appears to be just market behavior. One guy deposited funds and started buying. (Hackers donât deposit). Other guys followed. Canât see linkage between the accounts. 1/3 https://t.co/QlB1VnlHVs
â CZ đ¶ Binance (@cz_binance) December 11, 2022
CZ reported that the firm had temporarily locked withdrawals for âsome of the profiting accountsâ that had caused complaints on social media.
In a statement, CZ said:
âWe are aware of the concept of too much intervention from the platform, âtoo centralizedâ attacks, etc. There is a balance to how much we should intervene. Sometimes, these happen in free market, and we need to let it play out.â
Binanceâs official Twitter account announced that the suspicious activity that sparked concern on social media did not appear to be caused by hacked accounts or stolen API keys and that funds are âSAFU.â
This activity does not appear to be due to compromised accounts or stolen API keys; funds are SAFU.
We will update this thread should there be any new information.
â Binance (@binance) December 11, 2022
However, CoinMamba, a futures trader and crypto investor, revealed a different perspective on the situation when they declared on Dec. 8 that their Binance account was hacked through an API created two years ago, submitted exclusively to 3Commas, a crypto trading software provider.
The API was only submitted to 3Commas and nowhere else, which I havenât used since creating an account there. If you have similarly submitted your API there, you should immediately delete them from your Binance account.
â CoinMamba (@coinmamba) December 8, 2022
CZ responded to CoinMamba, explaining that Binance had âseen multiple cases related to 3Commas,â and claims that users were phished.
I havenât used 3Commas for almost 2 years and didnât even remember I had an account there. This is definitely not a phishing case.
Also I didnât have an IP whitelist for my API keys but for some reason they were kept active. They shouldâve been disabled by you.â CoinMamba (@coinmamba) December 9, 2022
Phishing attacks have been an ongoing theme, as seen in Oct. on exchanges like FTX and Binance, where users fell prey to phishing attacks targeting crypto services like 3Commas.
Though CoinMamba discarded the idea of this being a phishing case, 3Commas provided a full investigation blog post of the API key attacks on Dec. 10, describing the modern evolution of âphishing.â
âOver time, phishing has evolved to incorporate new attack vectors, such as paying to advertise imitation websites high in search engine rankings or to incorporate malware as part of the attack. Also, phishing has been known to target specific groups of people, high net-worth individuals or even companies (known as âSpear phishingâ or âWhale phishingâ)â
Despite the investigative post by 3Commas, concerns surrounding stolen API keys only grew as more Twitter users revealed losses and described 3Commas as âNOT Safe.â
On 12/6/22, A 3Commas API (Free Account) I setup over 2 Years ago and forgot about suddenly became active and began performing unauthorized trades on my Binance Account:
â $155K Losses (Contra-Traded)3Commas failed to protect customer API data. 3Commas is NOT Safe: pic.twitter.com/KkhVwVM9YA
â Joel (@akng1985) December 7, 2022
Even on-chain Sleuth, ZachXBT, weighed in on the discussion:
And 3Commas is still claiming people were just âphishedâ lol pic.twitter.com/Ka7HI53oAL
â ZachXBT (@zachxbt) December 8, 2022
With surmounting evidence confirming stolen API keys at 3Commas, loss of funds by multiple users, and current API data vulnerability, it is doubtful that funds are âSAFU.â
Following a Twitter debate between CoinMamba and CZ to its conclusion, a deleted comment by CZ revealed retaliatory comments suggesting the âoffboardingâ of both 3Commas and CoinMambaâs Binance accounts.
Tweet deleted. But CT remembers.. pic.twitter.com/p5nkeDmhe1
â CoinMamba (@coinmamba) December 9, 2022
On Dec. 9, CoinMambaâs declared that their Binance account had been closed and received an explanatory response from Binanceâs Customer Support Twitter account.
Your account was placed into withdrawal only mode. The decision was in response to threats you made to our CS, not related to our Twitter dialogue. We pulled together a team of over 20 case agents to try and help you. We are sorry it has come to this, but wish you all the best. pic.twitter.com/lTkKy2WnJS
â Binance Customer Support (@BinanceHelpDesk) December 9, 2022
[ad_2]
Source link