Keep your API keys safe everyone!

A few weeks ago, I noticed something odd about my Binance account. 10 BNB appeared. I thought nothing of it; I recently did purchase BNB and thought perhaps I bought 10 by mistake.

Then a few days later I was doing some late-night trading. There were a couple of movements I was watching out for which had begun. As I was setting a stop loss and calling it a night, I took another peek at my balance. I noticed that I had bought quite a lot of ONE, as well as some stablecoins such as USDT and TUSD. I never, ever trade in stablecoins. I think in terms of BTC and any change in the value of that is just a short-term movement in my world. I first thought this was some kind of bug. Then I discovered that my stop-loss had been cancelled and my original position was sold up, all for more ONE and stablecoins. My account seemed to have a mind of its own. But what was worse is that the BTC value of my account was falling away in front of my eyes.

This was pretty late in the evening, but fortunately I didn't have a lot of beer in me that night. I immediately changed my 2FA, and then, thinking quickly, cancelled all of my APIs. I had just remembered that I recently started experimenting with a couple of third-party apps. I didn't spend a great deal of time on them, so they slipped my mind a little. That seemed to have put a brake on everything.

I then notified Binance what happened, and they put a temporary lock onto my account. After submitting some ID and stuff, things were back to normal.

In all, I lost about a third of my account's BTC value. This was about two months of hard work, gone. I had some time away from work over the summer, and set about doing some decent trading. Wiped out by some bastard on the Internet somewhere.

The API I used was restricted to trading only. As far as I'm aware, there are two ways this can be used maliciously. The first is using your account to pump up a coin. The second method is placing trades that give the hacker good returns at your expense by crossing the spread. Crappy trades, in other words. I believe I was a victim of the second method the way my account was draining so quickly. The initial BNB purchase served as a test to see if I was paying attention, and also to save themselves some fees on my behalf (thanks!) so they could eventually drain more.

Just a reminder to everyone. When creating an API, make absolutely sure that you check the option "Restrict Access to Trusted IPs Only". This was a major dumb move on my part. I'm just happy I noticed my account was behaving strangely when I did, otherwise I could have lost everything.

Be safe everyone!

Submitted August 17, 2020 at 09:09PM
