Binance Hacked by False Trading Bot Platforms – CZ Asks Users to Delete API Keys

Binance Hacked by False Trading Bot Platforms – CZ Asks Users to Delete API Keys

Amidst the tumultuous market conditions induced by the collapse of FTX, Binance, the world’s largest cryptocurrency exchange, has suffered a compromise by false trading bot platforms, as users fell victim to phishing scams.

Binance Compromised in Latest Exchange Attack

Following the mysterious attack on beleaguered crypto exchange, FTX, a number Binance users have reported the occurence of an exploit on the exchange, with funds being drained and transferred by hackers. 

The Binance accounts are those owned by users who registered for third-party trading bots such as 3Commas and Skyrex. In an elaborate ploy, hackers developed a mock-up app resembling 3Commas in order to lure in users and trick them into sharing sensitive information.

Binance users who registered on these fake trading bot platforms had their exchange API identifiers stolen, which the attackers swiftly used to execute trades and steal funds from the accounts of victims.

CZ Tells Victims to Delete Their APIs

Binance CEO Changpeng “CZ” Zhao has since asked users who shared their API keys with such third-party platforms, and reported unexpected activity on their Binance accounts, to delete their APIs.

API keys provide third parties with authorization to access a user’s accounts for trading. The plea from the Binance boss is hence aimed at preventing any further attacks by third-party platforms on accounts on the platform. CZ tweeted:

.tweet-container,.twitter-tweet.twitter-tweet-rendered,blockquote.twitter-tweet{min-height:261px}.tweet-container{position:relative}blockquote.twitter-tweet{display:flex;max-width:550px;margin-top:10px;margin-bottom:10px}blockquote.twitter-tweet p{font:20px -apple-system,BlinkMacSystemFont,”Segoe UI”,Roboto,Helvetica,Arial,sans-serif}.tweet-container div:first-child{
position:absolute!Important
}.tweet-container div:last-child{
position:relative!Important
}

function lazyTwitter(){var i=function(t){if(!t)return;var n=t.getBoundingClientRect();return 2500>n.top||-2500>n.top};if(!i(document.querySelector(“.twitter-tweet”)))return;var s=document.createElement(“script”);s.onload=function(){};s.src=”//platform.twitter.com/widgets.js”;document.head.appendChild(s);document.removeEventListener(“scroll”,lazyTwitter);document.removeEventListener(“touchstart”,lazyTwitter);console.log(“load twitter widget”)}document.addEventListener(“scroll”,lazyTwitter);document.addEventListener(“touchstart”,lazyTwitter);lazyTwitter()

On the Flipside

  • CZ stated that Binance will move to disable all API keys used by Skyrex, even without action from users, out of caution, and to avoid risk of any further aggravation. 

Why You Should Care

Although Binance is not directly responsible for the hack, the exchange has provided a solution to contain the damage caused to users by the phishing scam.

Back to Top
Close Zoom
Don't push your luck