The Skyrex platform for algorithmic cryptocurrency trading disclosed an attack. As a result of the API key compromise, the owner of the Jelly eSports NFT project, who goes by the alias CarlosOMFG, suffered losses.
The latest news about the attackhttps://t.co/EGSA94Xxvj
— Skyrex (@skyrex_io) November 14, 2022
In the course of the investigation, the team found that the incident resembled the recent case with 3Commas.
\”Everyone is wondering why Axie Infinity (AXS) is pumping. Someone somehow bought [token] worth millions of dollars through my Binance account,\” wrote CarlosOMFG.
Anyone wondering why #AXS is pumping. Someone, somehow bought a million dollars worth on my @cz_binance @binance account. I have multiple security levels, nobody accessed my account…
WTF!?
I just got REKT. pic.twitter.com/iGOocFZynU
— CarlosOMFGTv (0%) (@CarlosOMFG) November 13, 2022
The founder and CEO of the exchange, Changpeng Zhao, contacted him. He speculated that the owner of the NFT project \”shared his API key with Skyrex, 3Commas, or some other third-party platform.\” CarlosOMFG confirmed this, though at first he denied it.
\”We have identified at least three cases where users shared API keys with third-party platforms and observed unexpected trading in their accounts,\” commented Changpeng Zhao.
We have seen at least 3 cases of users who shared their API key with 3rd party platforms (Skyrex and 3commas), and seen unexpected trading on their accounts. If you used such a platform before, I highly recommend you delete your API keys just to be safe. 🙏
— CZ 🔶 Binance (@cz_binance) November 14, 2022
October 2022 remains the record month for stolen cryptocurrency by volume, with losses of $760.2 million, according to PeckShield.
Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analysis.