Hack Alert: Binance Accounts Still Vulnerable to 3Commas API Flaw, Traders Say


At least two traders lost their deposits on Binance (BNB), the largest crypto exchange, as a result of a known 3Commas API vulnerability

A veteran poker player and trader with 280,000 followers on Twitter discovered that his deposits on Binance (BNB) had disappeared. It looks like the loss should be attributed to a vulnerability that was exposed in mid-October.

Hackers target Binance (BNB) accounts: Who is in danger?

Binance (BNB) users have had their accounts drained by attackers through a well-known vulnerability of 3Commas trading bot API instruments, according to a statement by Rodion Longa, founder of the Worldpokerdeals portal. His losses are estimated at $450,000 in Binance USD (BUSD) stablecoins.

Longa recalled that he had not used the 3Commas trading bot API in the last 11 months, so there is no possibility of a phishing attack. He had also forgotten that an API connection was set up on his Binance account.

Almost simultaneously, a similar issue was reported by an anonymous trader who goes by @coinmamba on Twitter. The trading veteran stated that he had only connected his API to 3Commas services and had also forgotten about the fact.

He immediately reported the issue to the Binance (BNB) team and demanded compensation. However, he added that his main motivation was to spur the platform to take action to prevent such attacks from happening again.

Binance (BNB) restricts operations of affected trader, here’s why

Changpeng “CZ” Zhao responded to Coinmamba and stated that his case is not eligible for Binance’s SAFU compensation program, as this might open up attractive opportunities for abuse:

Mamba, we have almost no way of ensuring that users don’t steal their own API keys. Trades were made using the API keys generated by you. Otherwise we’ll just be paying users to lose their API keys. I hope you have understood.

A few hours later, Coinmamba revealed that his Binance (BNB) account had been put in “withdraw only” mode. He shared a screenshot of a tweet allegedly deleted by CZ, where the Binance CEO called the trader “unreasonable” and called the entire situation a “two-sided walk.”

Coinmamba concluded that the account was banned because of “their tweets”.

As covered by U.Today previously, a number of reports flooded crypto Twitter in October-November 2022: traders noticed that attackers started using the 3Commas API to pump and dump low-cap coins via Binance accounts.

In an official statement, the 3Commas team assured the users that there was no key leak from their side.

admin
