The Binance SYS “Hack” Explained
Hackers compromised Binance on July 3rd. They gained access to APIs and pumped the token SYS. However, all funds are safe and the issue has been fixed.
At 2018/07/03 20:18:00 (UTC), irregular trades were detected from a number of API users, triggering our internal risk management system. As such, Binance made a timely decision to suspend trading, withdrawals and other account functions.
– Incident Recap on Irregular SYS Trading. Support.binance.com.
That is a lot to take in, but here are the general facts:
- This is the second time this has happened. Last time, hackers phished Binance users by setting up a fake site. The problem had nothing to do with Binance; it was users getting scammed. Thus, until we know for sure what occurred, “Binance hack” is probably the wrong choice of words (although it helps to convey what happened, so let’s leave it as a placeholder).
- The scammers pumped SYS. That part of their plan worked. SYS went to absurd heights on Binance (for example, a single SYS token traded for 96 BTC at one point, when it should have been 0.00003655 BTC or so), but even after the fake pump SYS stayed up about 10% from where it was.
- Binance detected the irregular behavior pretty quickly, took their system down, and halted trading.
- A short time after the event, updates went up on their site, and then eventually on their Twitter. In other words, both their response and their communications were quick.
- To ensure the hackers didn’t access their system they reset all APIs. So if you use an API on Binance you’ll want to create a new set of keys and link back up.
- Binance has reported that all funds are safe… likely meaning the hackers didn’t get any SYS or BTC and users should not have lost or gained any BTC or SYS from trades between SYS and BTC.
- This also likely means that if you organically sold the top of the pump… you are going to have your trades reversed.
- This is the second time API scams have happened with Binance, and the second time they shut things down before the scammers could steal any crypto.
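A price-band check of the kind that would catch the 96 BTC trades described above, as an added example (this is not Binance's risk engine, whose rules are not public). The window size, the 50% threshold, the key names and the trade records are all assumptions constructed for illustration.

```python
from collections import deque
from statistics import median

def find_irregular_trades(trades, window=5, max_dev=0.5):
    """Flag trades priced more than max_dev (as a fraction) away from the
    median of the last `window` accepted trades.

    Flagged trades are kept out of the reference window, so a pump cannot
    drag the baseline up and hide the trades that follow it.
    """
    recent = deque(maxlen=window)
    flagged = []
    for index, (key_id, price) in enumerate(trades):
        if len(recent) == window:
            reference = median(recent)
            if abs(price - reference) / reference > max_dev:
                flagged.append((index, key_id, price))
                continue
        recent.append(price)
    return flagged

def should_halt(flagged, min_keys=2):
    """Halt trading once irregular trades come from several distinct API keys."""
    return len({key_id for _, key_id, _ in flagged}) >= min_keys

# Constructed SYS/BTC trades: (API key id, price in BTC). Not real order data.
TRADES = [
    ("key-01", 0.00003650),
    ("key-02", 0.00003655),
    ("key-03", 0.00003660),
    ("key-01", 0.00003652),
    ("key-04", 0.00003658),
    ("key-07", 0.00004000),   # about 9% up: inside the band, accepted
    ("key-08", 96.0),         # the absurd print from the article
    ("key-09", 0.00120000),   # still far outside the band
    ("key-02", 0.00003700),   # normal trading resumes
]

if __name__ == "__main__":
    flagged = find_irregular_trades(TRADES)
    for index, key_id, price in flagged:
        print(f"trade {index} from {key_id} at {price} BTC is irregular")
    print("halt trading:", should_halt(flagged))
```
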
TIP: APIs let software interface with your account using a unique set of keys that are a bit like a wallet address and password. Generally we are talking about people who use bots to trade on Binance, who have to thus put their API keys in Binance via their site. See bot trading.
There are a few different ways to read the above in terms of implications. Here is my insight:
- It is likely Binance’s APIs were not compromised directly… but remember, there is a general risk with sticking your keys in databases (always have withdrawals turned off and don’t put too much crypto in any single account with “trade” access via an API).
- This is the one benefit of centralized exchanges. Binance, like any other major exchange, does not give users direct control over their crypto, and it has direct control over user accounts. In the case where there is a hack or a scam, it can therefore freeze user accounts and halt withdrawals. In cases where scammers do make off with funds, Binance can credit users and reverse transactions that happened on Binance. Binance isn’t a blockchain; it is a centralized ledger. Deposits to Binance and withdrawals from Binance are recorded on their respective blockchains, but Binance itself can protect users.
- People are potentially not being careful enough with their keys (that was the case in the first “hack”; we don’t know yet here). You should NEVER share your API keys (just like you should NEVER share your wallet keys). Likewise, you don’t just power type your keys into any website without double checking. You need to be very diligent in making sure you are on an official and secure site before you enter your keys. It is very likely the phishing scam used a website that looked like Binance, but wasn’t (for example, a site that was one letter off). Likewise, you should be careful about what computers you use to access your crypto. Malware can access your clipboard, and shady extensions can hijack your browser. Use clean browsers, run antivirus, and generally be extra cautious!
- Binance should be commended for squashing two major scams in the course of only a few months (MtGox they are not). However, for all the benefits of a solid centralized company, there are some drawbacks. A major drawback is that a large portion of the community’s crypto is dependent on Binance continuing to run a smooth ship. If something major goes wrong with a major exchange, we will all suffer the consequences… that is what happened with MtGox.
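The “one letter off” check from the list above can be done mechanically before keys are typed into a page. The following is an added example, not code from Binance or from this article; the sample URLs use reserved `.example` names and are constructed, and the threshold of one edit is an assumption taken from the article's wording.

```python
from urllib.parse import urlsplit

OFFICIAL = "binance.com"   # domain the user means to visit
BRAND = "binance"          # label that lookalike sites imitate
MAX_DISTANCE = 1           # assumed threshold: "one letter off"

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url):
    """Return 'official', 'insecure', 'lookalike' or 'unrelated' for a full URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official" if parts.scheme == "https" else "insecure"
    for label in host.split("."):
        # Distance 0 here means the brand appears as a label of a foreign
        # domain; distance 1 is a typo-style imitation. Ordinary words such as
        # "finance" also sit one edit away, so a hit means "verify first".
        if edit_distance(label, BRAND) <= MAX_DISTANCE:
            return "lookalike"
    return "unrelated"

# Constructed sample URLs, not observed phishing sites.
SAMPLES = [
    "https://www.binance.com/en/login",
    "http://www.binance.com/en/login",
    "https://binnance.example/login",
    "https://bniance.example/login",
    "https://binance.com.account-verify.example/login",
    "https://docs.python.org/3/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```
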
One big negative, sort of: this point is a little complex, but worth considering. SYS was pumped on Binance, but that led to over a 100% increase on other exchanges. While the scammers didn’t get away with anything on Binance, we can only assume they did on the other exchanges (for example, SYS went up 100% on Bittrex for a moment on July 3rd). This means the gambit was profitable for them in theory if they traded on other exchanges, so we can expect this sort of thing to happen again. It also means exchanges would likely benefit from being able to coordinate quickly in the event of an attack on one exchange.
- Incident Recap on Irregular SYS Trading. Support.binance.com.