A trader’s Binance account was hacked after the API keys on the trading service he was using were leaked. The perpetrator(s) then used the victim’s account to manipulate the price of the AXS token, which rose 200% in a matter of minutes.
API keys leak and trader’s account is hacked
On Sunday afternoon, a trader was unpleasantly surprised to see trades he had not placed in his Binance account. The hack stems from a leak of the victim’s API keys, which he used to link his Binance account to the trading service he was using:
Anyone wondering why AXS is pumping. Someone, somehow bought a million dollars worth on my @cz_binance @binance account. I have multiple security levels, nobody accessed my account…
WTF!?
I just got REKT. pic.twitter.com/iGOocFZynU
– CarlosOMFGTv (0%) (@CarlosOMFG) November 13, 2022
The hacker opened multiple positions in order to manipulate the price of AXS, the token of the Axie Infinity blockchain game. The price of the asset rose by 200% in a matter of minutes before collapsing to almost its original level:

Figure 1 – AXS price in minutes at the time of the operation
The victim also explains that he lost about $100,000 as a result of the attack. It is likely that the hackers had accumulated AXS beforehand, in order to sell it following their market manipulation.
Binance takes up the case
While the victim’s funds were on Binance, it is important to note that the security breach was not the fault of the platform.
Changpeng Zhao (CZ), the exchange’s CEO, said the exchange had seen at least three similar cases, including the one discussed in this article:
We saw at least 3 cases of users who shared their API key with 3rd party platforms (Skyrex and 3commas), and saw unexpected trading on their accounts. If you used such a platform before, I highly recommend you to delete your API keys just to be safe.
– CZ Binance (@cz_binance) November 14, 2022
The leaks reportedly involve users of the trading bots Skyrex and 3commas. CZ also said Binance would investigate further:
Carlos (the victim) confirmed that the unknown orders were due to a leak of his API key. He only has one active API key and it was used on Skyrex, a crypto trading bot platform. We will try to disable all API keys used by Skyrex, figuring out how to identify them now.
API connections in the crypto ecosystem
API connections are useful in several scenarios in our ecosystem. For example, read-only access to our accounts on centralized platforms is useful for solutions like Waltio, which let us centralize our transaction history to make tax filing easier.
A more advanced use is to grant permissions to trading bots or trading terminals so that they can interact with an exchange remotely. In this case, it is necessary to define precisely which permissions you wish to grant to this connection:

Figure 2 – Setting up an API key on Binance
A point of failure may then lie in the third-party service to which we have provided this connection, and this is what appears to have happened in the case discussed above.
So, as with any project, these services also need to be thoroughly analysed before we give them access to our investments, to avoid any setbacks.
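An added example, not part of the original article: a Python check that compares the permission flags of an API key with what its stated purpose requires, covering the read-only and trading-bot uses described above. The flag names are assumed to follow the response of Binance's `GET /sapi/v1/account/apiRestrictions` endpoint; the policy names and sample responses are constructed.

```python
# Added example. Flag names are assumed to match the JSON returned by Binance's
# GET /sapi/v1/account/apiRestrictions; the sample responses are constructed.

# Hypothetical policy: the permission flags each kind of integration needs.
POLICIES = {
    "tax_reporting": {"enableReading"},
    "spot_trading_bot": {"enableReading", "enableSpotAndMarginTrading"},
}
# Flags that let a key move funds out of the account.
FUND_MOVING = {"enableWithdrawals", "enableInternalTransfer", "permitsUniversalTransfer"}


def audit_key(restrictions, purpose):
    """Return findings for a key whose permissions exceed what `purpose` needs."""
    allowed = POLICIES[purpose]
    enabled = {flag for flag, value in restrictions.items()
               if flag.startswith(("enable", "permits")) and value is True}
    findings = []
    for flag in sorted(enabled):
        if flag in FUND_MOVING:
            findings.append(f"CRITICAL: {flag} lets a leaked key move funds")
        elif flag not in allowed:
            findings.append(f"HIGH: {flag} is not needed for {purpose}")
    # A key that can place orders from any IP is usable by whoever obtains it.
    if not restrictions.get("ipRestrict", False):
        can_act = bool(enabled - {"enableReading"})
        level = "HIGH" if can_act else "MEDIUM"
        findings.append(f"{level}: key is usable from any IP address")
    return findings


# Constructed sample: a key given to a tax tool but left with trading enabled.
OVERSCOPED_TAX_KEY = {
    "ipRestrict": False, "createTime": 1668297600000, "enableReading": True,
    "enableSpotAndMarginTrading": True, "enableWithdrawals": False,
    "enableInternalTransfer": False, "permitsUniversalTransfer": False,
    "enableMargin": False, "enableFutures": False,
}
# Constructed sample: a trading-bot key limited to spot trading and fixed IPs.
SCOPED_BOT_KEY = dict(OVERSCOPED_TAX_KEY, ipRestrict=True)

if __name__ == "__main__":
    for name, key, purpose in [("tax key", OVERSCOPED_TAX_KEY, "tax_reporting"),
                               ("bot key", SCOPED_BOT_KEY, "spot_trading_bot")]:
        print(name, audit_key(key, purpose) or "OK")
```
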