The world’s biggest crypto exchange, handling $1.5 billion in trading volumes during the past 24 hours, experienced some trading irregularities yesterday at around 9:30PM London time from “a number of API users.”
A little known coin, Syscoin, saw its price spike to 96 btc for 1 Sys. That’s some half a million dollars worth per Syscoin which is currently trading at 2 cent.
What exactly happened is unclear, but it appears the API of some Binance users was exploited, with Binance now reseting all API keys and asking users to “take care of their API keys going forward.”
They will roll back trades in Syscoin and have further announced the Safu meme is real. Binance says:
“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”
It has long been a suggested practice for exchanges to keep some funds aside to cover potential theft of their hot wallet.
Binance has not experienced such a theft yet. Hacker Changpeng Zhao, Binance’s CEO, trapped some hackers in March 2018, but that apparently is not quite dissuading dark hat leets as we are seeing from yesterday’s incident.
Funds however are safu. Now they’ll be even more safe as they launch their own insurance policy by setting some funds aside to cover potential thefts of hot wallets.
Yet there does appear to be some problem with their API set-up as this is now at least the second incident involving the API.
Whether simply resetting the keys will be sufficient, remains to be seen, with just how this apparent vulnerability will be addressed, unclear at this stage. Nor is it clear how they can establish a user’s API was exploited rather than the user “exploited” it themselves.
Yet the exchange has become a bit of a meme, just as it has become a bit of a hot space for stolen coins, or so it appears in any event.
When some XRP was stolen from Bithumb this June, for example, it quickly made its way to Binance where it was converted for LTC.
That easy exchange of theft proceeds on a very liquid platform might have been the cause of Japan’s FSA warning Binance earlier this year.
Zhao’s response was to go jurisdictional shopping, announcing recently fiat pairs for Ugandan money are available. Yet Uganda isn’t quite a place many would want to associate with the biggest crypto exchange.
They have the ability and the window of opportunity to offer Coinbase quite some competition, but Binance’s regulatory approach seems to be very different. So how they will play that game, remains to be seen.