Leading cryptocurrency exchange Binance has recently announced the creation of a user safety fund called “Secure Asset Fund For Users (SAFU)” in the aftermath of trading irregularities that saw at least one user purchase one Syscoin (SYS), worth about $0.26, for the equivalent of $625,000 in bitcoin.

In an update going over the irregular trades the exchange detected, Binance announced that they came from a number of its API users, and that these triggered its internal risk management system.

Once the system was triggered, the company decided to halt trading, withdrawals and other functions until it figured out what was going on. Since the problem came from users’ API keys, these were removed and those using them were asked to recreate their keys.

Notably the incident affected the trading pairs of Syscoin, a cryptocurrency that has well over 90 percent of its trading volume concentrated on Binance. While the token is at press time trading at $0.26, the irregular trades saw a user pay 96 BTC for one SYS.

Binance’s announcement details that it’ll rollback all irregular trades, and compensate those negatively affected by offering them zero-fee trading between July 5 and 14. All other Binance users will receive a 70 percent rebate paid in BNB, a cryptocurrency that's been bucking the bearish trend, on trading fees paid during said period.

The exchange added that to “protect the future interests of all users,” it’s set to create a Security Digital Asset Fund for Users (SAFU). The post reads:

Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.

Near the end of its update, it noted that its core values see it protect its users, and that given the explosive growth it had it’s bound to face challenges. To face these challenges, the post reads, community comments and suggestions are welcomed.

Per various analysts the Syscoin pump wasn’t coincidental, as bad actors could’ve been trying to manipulate the market through a third-party trading bot with access to API keys. By compromising said bot, the bad actors could’ve just used various accounts to pump SYS, and then sell their own tokens at an inflated price.

My take re: $SYS pump on Binance 1. Many Binance users were using a 3rd party trading bot w/ API access.

2. Bot was compromised.

3. Malicious actor set high SYS sell orders, then used compromised accounts to pump SYS price into them.

4. Same method used w/ $VIA in March. https://t.co/2V3an1zteP — Matt Odell (@matt_odell) July 4, 2018

This attack method means neither Binance nor SYS’ blockchain were hacked, but a third party. Whether the hackers managed to withdraw their funds wasn’t clarified, although we assume Binance managed to stop them as it’s rolling back irregular trades.

Binance on Security

Going forward, Binance asked users not to create an API key if they don’t regularly use them, and to not share access to their keys with any third-party service providers. To enhance security, it further asked users to use its “IP whitelist” functionality, to ensure they’re the only ones with access to their API keys.

This is notably not the first time Binance thwarts a potentially malicious attack. As CryptoGlobe covered, the company thwarted a large-scale theft attempt earlier this year, that saw hackers attempt to manipulate the price of Viacoin (VIA) in a similar way.

In said attack, the hackers used phished accounts to pump Viacoin’s price, so they could dump their own tokens and then withdraw in BTC. The irregular pump triggered Binance’s security systems, which halted withdrawals and let to the hackers losing money.