Binance will forcibly remove users' inactive API keys
Remote access to exchange accounts will be disabled if digital keys have not been activated for 30 days.
The Binance exchange informed users that it will remove inactive API keys older than 30 days and IP addresses that are not whitelisted.
API (Application Programming Interface) - a tool that allows you to connect to the servers of the exchange and use the data obtained from them in external applications. By connecting to the API you can view information about the wallet, including data on transactions, make transactions, deposit and withdraw funds through third-party programs. An API key is a numerical code that allows an external program on behalf of a user to perform actions on an exchange.
Recent API key leaks have led to various crypto-exchanges being used by attackers to trade on behalf of users whose keys they have obtained.
Customers of FTX exchange were the first to suffer from new hackers: they began to report account thefts and loss of funds in mid-October. Hackers used DMG/USD (DMG stands for DMM Governance, a management token) in their scheme for this platform. On October 24, Sam Bankman-Fried, founder of the American exchange, announced that FTX would provide about $6 million in compensation to account holders affected by the incident.
Following the hacking of FTX customers, cryptocurrency algorithmic trading platform 3Commas, which was used by losing exchange customers, warned of the compromise of a number of user API keys, which were subsequently used to make unauthorized transactions.
According to 3Commas, the data theft occurred outside of their system as a result of a phishing attack conducted on fake sites that mimicked the 3Commas resource. The company assured that there were no breaches in the account security and encryption systems of 3Commas and partner exchanges' APIs.
Hackers who stole money exchange FTX, attacked the platform Binance US and Bittrex, also reported in late October, the company said X-explore, which found suspicious transactions. From Bittrex exchange intruders stole 301 ETH ($ 400 thousand).
Binance for a long time did not show any noticeable reaction to these hacks. It wasn't until mid-November that Changpeng Zhao reported that at least three cases were discovered where users had shared their API keys with third parties (Skyrex and 3Commas exchanges), after which they observed unexpected trading from their accounts. Zhao strongly advised users who had previously used these platforms to remove such keys.
In December, Binance users began complaining en masse about unauthorized trading on their accounts. Everyone who encountered this was using 3Commas. It turned out that customer funds, which had issued API keys with access to trading through this platform, were used to artificially inflate the price of low-liquid tokens, which were pre-purchased by criminals.
The trader, widely known in the cryptocurrency community under the pseudonym CoinMamba, began to actively complain that Binance did not properly respond to users' loss of funds due to the theft of their API keys. As a result of his dispute with tech support and Zhao, CoinMamba's Binance account was blocked.
The situation received widespread publicity because CoinMamba has a large active audience in social networks. The crypto exchange had to pay more attention to the problem and start taking active steps to resolve it.
