Binance deactivated a trader account on December 9 after the user voiced their displeasure with the exchange’s response to an alleged fund theft.
On December 8, a user going by the handle CoinMamba on Twitter began lamenting the lost money, asserting that a stolen API key connected to the cryptocurrency trading company 3Commas was used “to make trades on low cap coins to push up the price to make profit.”
In a string of tweets, the trader complains that Binance was unable to offer him the necessary assistance:
Binance CEO also took to Twitter on Dec. 9 to clarify the situation stating that “there is almost no way for us to be sure users didn’t steal their own API keys. The trades were done using API keys you created. Otherwise we will just be paying for users to lose their API keys. Hope you understand”
In response to the user’s ongoing complaints on the social media site, CZ said in a subsequent tweet that it was considering placing the user’s account “in off boarding (withdrawal only) mode,” adding “we don’t want to service people who are unreasonable.” The tweet was later removed, but a screenshot of it is still present in the discussion.
The user’s account was subsequently shut down, giving them three days to withdraw their money. Coinmamba asserts to have been a customer of Binance for more than five years, and he continues to have open futures positions there.
The user tweets claim that 3Commas rejected any attempt to abuse its protocols or databases and that as a result, it is not liable for the stolen API keys. According to the data that we currently have, we have determined that no encryption mechanisms have been found to be penetrated and that no breaches of the account security databases of 3Commas have taken place.
Another Twitter user also brought up the claimed API hacker, pleading for Binance to freeze withdrawals and look into the matter.
The CEO of Binance acknowledged on November 13 that at least three individuals experienced unforeseen account activity after sharing their API Key with the third-party services Skyrex and 3Commas. After that, he advised users to destroy associated API keys.