Changpeng Zhao (CZ), the CEO of Binance, has addressed concerns surrounding the investigation into “abnormal price movements” for some trading pairs on the exchange.
Based on our investigations so far, this appears to be just market behavior. One guy deposited funds and started buying. (Hackers do not deposit). Other boys followed. Can’t see the link between the accounts. 1/3 https://t.co/QlB1VnlHVs
— CZ ? Binance (@cz_binance) December 11, 2022
CZ reported that the company had temporarily blocked withdrawals for “some of the profitable accounts” that had caused complaints on social media.
In a statement, CZ said:
“We are aware of the concept of too much platform intervention, “too centralized” attacks, etc. There is a balance on how much we should intervene. Sometimes this happens in the free market and we have to let it play out.”
Binance’s official Twitter account announced that the suspicious activity raising concern on social media did not appear to be caused by hacked accounts or stolen API keys and that the funds are “SAFU.”
This activity does not appear to be due to compromised accounts or stolen API keys; funds are SAFU.
We will update this thread in case there is new information.
—Binance (@binance) December 11, 2022
However, CoinMamba, a futures trader and cryptocurrency investor, revealed a different perspective on the situation when he stated on Dec. 8 that his Binance account was hacked through an API created two years ago, sent exclusively to 3Commas, a cryptocurrency trading software provider.
The API was only pushed to 3Commas and nowhere else, which I haven’t used since I created an account there. If you have similarly submitted your API there, you should immediately delete it from your Binance account.
— CoinMamba (@coinmamba) December 8, 2022
CZ responded to CoinMamba, explaining that Binance had “seen multiple cases involving 3Commas” and claims that the users were phishing.
I haven’t used 3Commas for almost 2 years and I didn’t even remember that I had an account there. This is definitely not a case of phishing.
Also, I didn’t have an IP whitelist for my API keys, but for some reason they stayed active. They should have been disabled by you.— CoinMamba (@coinmamba) December 9, 2022
Phishing attacks have been an ongoing issueas seen in October on exchanges like FTX and Binance, where users fell victim to phishing attacks targeting crypto services like 3Commas.
Although CoinMamba dismissed the idea that it was a case of phishing, 3Commas provided a full research blog post of the December 10 API key attacks, describing the modern evolution of phishing.
“Over time, phishing has evolved to incorporate new attack vectors, such as paying to advertise imitation websites at the top of search engines or incorporating malware as part of the attack. Furthermore, phishing is known to target specific groups of people, high net worth individuals or even companies (known as “spear phishing” or “whale phishing”).
Despite 3Commas’ investigative post, concerns around stolen API keys only grew as more Twitter users disclosed losses and described 3Commas as “NOT secure.”
On 12/6/22, a 3Commas API (free account) that I set up over 2 years ago and forgot about suddenly went live and started making unauthorized transactions on my Binance account:
– Losses of $155K (counter-traded)3Commas was unable to protect the client’s API data. 3Commas is NOT safe: pic.twitter.com/KkhVwVM9YA
—Joel (@akng1985) December 7, 2022
Even Sleuth on-chain, ZachXBT, weighed in on the discussion:
And 3Commas still claims that people were just phishing lol pic.twitter.com/Ka7HI53oAL
— ZachXBT (@zachxbt) December 8, 2022
With overwhelming evidence confirming stolen API keys at 3Commas, loss of funds by multiple users, and current API data vulnerability, it is doubtful that the funds are “SAFU”.
Following a Twitter debate between CoinMamba and CZ to its conclusion, a deleted comment by CZ revealed retaliatory comments suggesting the “unplugging” of the Binance accounts of 3Commas and CoinMamba.
Deleted tweet. But CT remembers… pic.twitter.com/p5nkeDmhe1
— CoinMamba (@coinmamba) December 9, 2022
On Dec. 9, CoinMamba stated that its Binance account had been closed and received an explanatory response from the Binance customer support Twitter account.
Your account has been placed in withdrawal only mode. The decision was in response to threats he made to our CS, unrelated to our Twitter dialogue. We put together a team of over 20 case managers to try to help you. We’re sorry it’s come to this, but we wish you all the best. pic.twitter.com/lTkKy2WnJS
— Binance Customer Support (@BinanceHelpDesk) December 9, 2022
