Skyrex recognized user loss through compromising API Slok
Skyrex cryptocurrency algorithmic trading platform announced the attack. As a result of compromise of the API Slok, the owner of the Jelly Esports NFT project under the pseudonym Carlosomfg was affected.
During the investigation, the team found out that the incident is similar to a recent case with 3commas.
“Everyone is interested in why Axie Infinity is picking. Someone somehow bought [token] for millions of dollars through my account on Binance, ”wrote Carlosomfg.
The founder and CEO of the exchange Chanpen Zhao contacted him. He suggested that the owner of the NFT project “shared his API key with Skyrex, 3SMMAS or any other third-party platform”. Carlosomfg confirmed this, although at first he denied.
“As a result of the attack, attackers sent a trading order to one account with a pair AXS/BNB. Our longtime partner and friend Carlosomfg suffered losses. Measures are being taken to prevent future incidents and compensation for losses, ”the Skyrex team wrote.
According to her, a quick reaction to the incident limited the damage to 5% of the amount of the founder Jelly Esports NFT in trading. The platform compensates for losses.
“At present, we communicate with the Binance Security team to prevent such cases in the future,” Skyrex said.
Among the alleged measures to improve the management of the API key, the developers suggested introducing:
- list of permitted steam;
- maximum size of market orders.
“We discovered at least three cases when users shared the API key with third-party platforms and observed unexpected trading in their accounts,” Chanpen Zhao commented.
Recall, while the record in 2022 in the month of the volume of stolen cryptocurrencies will remain October Hardware wallets. with a damage of $ 760.2 million, according to Peckshield.
Read the FORKLOG Bitcoin News in our Telegram-cryptocurrency news, courses and analytics.