Rumors of a hack, leading to a freeze of withdrawals on the Binance exchange has triggered another mass market crash, wiping out gains even for assets that moved counter to the bearish trend. User reports claim orders were made on their behalf on Binance, and VIA coins were purchased at peak prices.
This caused VIA to grow by more than 50% in 24 hours net, to $3.70. Other users report their coins missing or traded without their permission.
Some traced the attack to the usage of API keys, typically required for trading bots, which could have been compromised or hacked, possibly explaining why only certain accounts were affected.
Someone hacked the trading bot used by majority of people. #Binance is not hacked
People trading on bots got compromised bots have the api keys.
So far, no official statement from Binance has surfaced, but the crypto community has reacted immediately to the fears.
In the past months, Binance has set the pace for numerous assets, acting as the main platform for price discovery. So naturally, a glitch would create panic. Even the planned maintenance of Binance in the past resulted in panic. Hacking rumors for an exchange, that until now, had a clear record, are putting Binance in the same boat as other major markets that saw attacks, including Bitfinex, Coincheck and others.
So far, a moderator for Binance on Reddit, has stated the issue is still under investigation:
"We are investigating reports of some users having issues with their funds. Our team is aware and investigating the issue as we speak. Please remain patient and we will provide an update as quickly as possible."
Users have been sending tickets to the exchange regarding the orders filled without permission.
The series of orders on Binance caused a slump in all major pairs traded, affecting several assets. TRON (TRX) slid to $0.038, Digix DAO (DGD) fell to $403, down from recent peaks, but some assets remained less affected.
Withdrawals have been suspended, per user reports, but this could also be a precautionary step taken by the exchange while it investigates unauthorized activity.
It should be noted that using API keys to give trading bots and third-party services access to your exchange account has inherent risks, as API access can also bypass two-factor authentication. For now, it is recommended that users who generated API keys, revoke access, and as always, you should never hold all your crypto assets on any exchange unless you plan to trade them actively. We will continue to update the story as more details emerge.