Heard that a rumors on discussion website. A victim stated that an unknown counterfeit cryptocurrency transaction submitted in his account. I retrospectively his discussion detail and feeling that the problem may not happen in his endpoint. The victim stated that he noticed that a 3rd API key has been created, without IP white listing. But the API key not his own belongings. Regarding to the BINANCE Exchange client specification, they support REST API. What if when they are using REST API caching middleware,acting as a reverse proxy between load balancers and your REST API workers. Is there a way let threat actors do the dirty tricks in the cache space?

Should you have interest about this news. Please refer below url for reference.

https://www.ft.com/content/58a32050-22aa-11e8-add1-0e8958b189ea