And you thought you had a tough day. The Binance crew were embarrassed by what some are saying is either a ‘fat finger’ anomaly ora clever hack that disrupted the trading action, market caps, and reputations of several brands – Binance chief among them.
As per usual Binance acted quickly, communicated via social media, and tried to inject a bit of humor in doing so. We aren’t so sure it all adds up to a laughing matter.
Binance announced that they removed the existing API keys due to a “precautionary security measure”. This followed after a blog post by Binance stating that the exchange will halt trading, withdrawals, and other account functions for “system maintenance”.
It stated: “Due to irregular trading on some APIs, Binance will remove all existing API keys as a precautionary security measure. All API users are requested to recreate their API keys.”
Earlier today, Syscoin [SYS], a top 100 coin, saw a hike of close to 80% before dropping down. Further reports show that this was due to a single trade on Binance, where one Syscoin was bought for 96 Bitcoin [BTC] for a price of 6.23 million dollars.
The coin was trading at around 0.00004 BTC before beginning trading at 96 BTC. Syscoin’s co-founder, Sebastien DiMichele commented: “My understanding is that yes, Syscoin was sold for 96 BTC per unit at one point today. We saw massive bot activity, our community let us know that they were having trouble with deposits at Binance.”
The blockchain explorer of Syscoin shows that over 1 billion coins have been mined in one block. The block number 87670 shows that the “value out” parameter is of 1,237,899,268.6 Syscoins. This is unusual (to say the least) as the total number of possible SYS tokens is 888 million.
Jamesonn Lopp, a Bitcoin developer, said in a statement to Hard Fork that the mining of many coins falls under breaking monetary supply rules. He stated: “Breaking the monetary supply rules for a cryptocurrency can’t be accomplished via a 51% attack; this indicates that a flaw has been found and exploited at the protocol level. It’s likely similar to the buffer overflow vulnerability that was exploited in Bitcoin in 2010 that allowed someone to create 184 billion BTC.”
In other words, this is a mess that has yet to be solved, figured out, or properly accounted for as of this writing. Binance hasn’t given a meaningful explanation of how, or why, this could have occurred within their architecture – and Syscoin is still dealing with the after-effects of a hack on their ecosystem.
It leaves old school and new school crypto believers scratching their heads and theorizing about how this same method/execution can and will be used on other coins and other exchanges.
“Mine a lot of $SYS. Send $SYS to Binance. Set very high sells vs. $BTC. Hack Binance API. Use $BTC of Binance users that use API to buy $SYS. Take over $SYS mining power to prevent a rollback of the chain. Hope to get $BTC out of Binance.”
That is the type of theory that can be applied to not just $SYS, but any coin outside the Top 25 market cap coins. $SYS is a Top 100 market cap coin and their brand and team have a great reputation. Thus the questions concerning how and when this will happen again. Hackers, thieves, etc, tend to be copycats – especially when considering there are potentially millions of dollars available for said theft.
And then there is this:
User CRNBTC on Twitter noted that one of Binance’s hot wallets have become active again. He said: “7000BTC moved out of @binance hot wallet after the syscoin api pump. binance has not issued any withdrawals since.”
Couple with the news of a compromise on the coin’s blockchain, with Syscoin’s Twitter account stating: “We are investigating a possible issue on the Syscoin blockchain, nothing is confirmed but we have asked for exchanges to halt trading while we investigate.”
In other words – there seem to be breaches and issues everywhere: $SYS network/blockchain, Binance’s exchange/wallets, and several depths of security at both firms.
There will be more to unpack here, we are sure of it.