In his tweet, Zhao mentioned that cryptocurrency users have shared their API private keys with third parties three times, and that Binance had witnessed all three of these instances. After then, these unnamed third parties initiated illegal trading activity using the accounts in question.
He emphasized once more that users of any of these third-party platforms should remove the secret API keys associated with their accounts in order to maintain account security.
Skyrex and 3Commas are examples of third-party services that allow users to exchange the private API keys associated with their accounts. Additionally, a reputation for being able to automate the trading of cryptocurrency is associated with both of these platforms.
The way that these platforms function is that when users of cryptocurrencies share their API keys, the platform is then able to access the users' accounts and automatically execute trades from those accounts because it has access to real-time market data. In addition to that, they are in charge of handling accounts of this kind.
Some Users' Experiences with Cryptocurrency
In response to Zhao's caution, a number of users of cryptocurrency turned to Twitter to discuss their personal experiences with the practice of providing API keys with third-party sites. For instance, a person with the Twitter handle @CarlosOMFG reported that he had discovered that assets worth one million dollars had recently been purchased in his Binance account without his knowledge or permission.
He went on to say that the purchases had caught him off guard, especially considering the multiple safeguards that were in place for his account. Since the one million dollar buy was made for AXS tokens, @CarlosOMFG further stated that this particular move may have been the source of the recent AXS pump.
In his response, Zhao questioned @CarlosOMFG about whether or not he had previously given any of the aforementioned third-party platforms access to his API private keys (Skyrex and 3Commas). After that, he requested that he immediately erase the keys if he had already done so.
Zhao questioned him further on whether or not he had voiced his concerns to the company's customer support agent and whether or not he had obtained a response. Another user, @MadCrudeTrader, has a situation that is comparable to the one that @CarlosOMFG is going through.
@MadCrudeTrader stated that he had discovered certain sell orders had been put in his account without his knowledge and that they had been executed automatically. This user mentioned that he has had a similar experience in his account and highlighted that he has been trading using APIs to acquire some "small" assets. However, he did mention that he has had this experience.
In addition to this, he indicated that he was unaware of the fact that multiple sell orders had been carried out on the front end. However, he specified that he did not carry out these activities by hand or through the use of an API.