
Cyber Security Solutions, Compliance, and Consulting Services - IT Security


How Cybercriminals Steal Millions Using API Keys

By kamran | At May 29, 2021


A recent study found that cybercriminals are now abusing API keys issued for cryptocurrency exchange accounts to steal millions of dollars' worth of cryptocurrency.

With the boom in the cryptocurrency market in recent years, companies started offering apps and services to assist traders. To use these services, traders must grant third-party programs access to their accounts via API keys so that the programs can execute actions on their behalf.

Each set of API keys has two elements: the public key and the private (or secret) key. The latter is used by third-party apps to authorize trading. Even if someone steals the secret key, they shouldn’t be able to withdraw your cryptocurrency, because cryptocurrency exchanges disable withdrawals by default.

But the research found an emerging criminal business on hacker forums that offers to empty crypto exchange accounts by exploiting API keys, and alarmingly, it’s not just an empty promise.

Hackers are using these keys to empty crypto accounts without obtaining withdrawal rights.

But how do cybercriminals abuse the API keys?

Cryptocurrency exchanges offer three types of API permissions:

  • Data permissions allow the APIs to read data from the account such as trading history, account balance, and open orders
  • Trade permissions allow APIs to execute trades and open or close orders on behalf of the account holder
  • Withdrawal permissions allow APIs to withdraw currency from the account and transfer it to another location. Usually this permission is disabled by default.

It’s natural to think that for the hackers to be able to steal from the accounts, the stolen API keys would need to have the withdrawal permission enabled. However, the research could not find a single such incident of a stolen API key with withdrawal rights enabled. 

How, then, were they able to perform this criminal activity?

It seems that hackers don’t even need to directly withdraw funds; they can just trade away the balance using appropriate permissions gained via stolen API keys.

There are two main methods of exploitation that the criminals use to steal funds: “sell wall” buyouts and price boosting.

  • “Sell walls” are a manipulation method used in the stock market as well as in cryptomarkets. It involves creating artificial sell orders in order to lower cryptocurrency prices and be able to buy them cheap. Threat actors set up their trading bots and open up many sell orders below market value and authorize buy orders for the coins via stolen API keys. Orders are consecutively set up to sell coins for as long as it takes to empty the victim’s account. 
  • Price boosting involves using the API keys and initiating large buy orders for cheap coins which have a low trade volume to increase their price momentarily, and then selling them back to the victim at stupendous rates. After all the orders are executed, the coin goes back to its original low value, leaving the victim with a virtually worthless coin value.
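Both methods leave the same trace in the victim's trade history: fills that are far off-market in the direction that loses the account money. The following detection sketch is an added example, not code from the research or from any exchange; the `Fill` record, its field names, the thresholds and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Fill:
    key_id: str       # API key that placed the order (hypothetical field names)
    symbol: str
    side: str         # "buy" or "sell"
    qty: float
    price: float      # execution price
    ref_price: float  # market reference price when the order was placed

def adverse_slippage(fill):
    """Fraction of the reference price the account lost on this fill (> 0 is a loss)."""
    if fill.side == "sell":
        return (fill.ref_price - fill.price) / fill.ref_price  # sold below market
    return (fill.price - fill.ref_price) / fill.ref_price      # bought above market

def flag_keys(fills, max_slippage=0.05, min_hits=2):
    """Return {key_id: estimated loss} for keys with at least min_hits off-market fills."""
    hits, loss = {}, {}
    for f in fills:
        if f.ref_price <= 0:
            continue  # no usable reference price; skip instead of dividing by zero
        if adverse_slippage(f) > max_slippage:
            hits[f.key_id] = hits.get(f.key_id, 0) + 1
            loss[f.key_id] = loss.get(f.key_id, 0.0) + abs(f.price - f.ref_price) * f.qty
    return {k: round(v, 2) for k, v in loss.items() if hits[k] >= min_hits}

# Constructed sample fills (not real trading data).
SAMPLE_FILLS = [
    Fill("key-bot-A", "BTC/USDT", "sell", 0.5, 30000.0, 40000.0),  # sold 25% under market
    Fill("key-bot-A", "BTC/USDT", "sell", 0.5, 28000.0, 40000.0),  # sold 30% under market
    Fill("key-bot-A", "XYZ/USDT", "buy", 10000, 0.50, 0.05),       # bought at 10x reference
    Fill("key-bot-B", "ETH/USDT", "sell", 1.0, 2495.0, 2500.0),    # ordinary fill
    Fill("key-bot-B", "ETH/USDT", "buy", 1.0, 2600.0, 2500.0),     # 4% over, under threshold
]

if __name__ == "__main__":
    for key_id, lost in flag_keys(SAMPLE_FILLS).items():
        print(f"review and revoke {key_id}: about {lost} USDT lost to off-market fills")
```

A key flagged this way should be revoked first and investigated second, since every further fill costs the account money.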

Cybercriminals have various methods of stealing API keys including using leaked data sources for private keys and stealing unprotected keys stored in framework settings for apps. Make sure to protect your API keys by whitelisting IP addresses for API key usage and treating your keys as the private key for your cryptocurrency wallet. You could also try rotating them to make them harder to steal.
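The protections above can be checked routinely against an inventory of issued keys. This is an added example, not part of the original article: the record schema (`permissions`, `ip_allowlist`, `created`), the 90-day rotation window and the prefix limits are assumptions, and the sample keys are constructed.

```python
import ipaddress
from datetime import date

def audit_key(key, today, max_age_days=90, min_prefix_v4=24, min_prefix_v6=64):
    """Return a list of findings for one API key record (hypothetical schema)."""
    findings = []
    perms = set(key["permissions"])
    if "withdraw" in perms:
        findings.append("withdrawal permission enabled")
    if "trade" in perms and not key["ip_allowlist"]:
        # Trade permission alone is enough to drain an account, so it needs an allowlist.
        findings.append("trade permission without IP allowlist")
    for entry in key["ip_allowlist"]:
        net = ipaddress.ip_network(entry, strict=False)
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            findings.append(f"allowlist entry too broad: {entry}")
    age = (today - key["created"]).days
    if age > max_age_days:
        findings.append(f"key is {age} days old; rotate")
    return findings

# Constructed sample inventory (documentation address ranges, made-up key names).
SAMPLE_KEYS = {
    "portfolio-tracker": {"permissions": ["read", "trade"], "ip_allowlist": [],
                          "created": date(2021, 1, 1)},
    "trading-bot": {"permissions": ["read", "trade"],
                    "ip_allowlist": ["203.0.113.10/32"], "created": date(2021, 5, 1)},
    "legacy-script": {"permissions": ["read", "trade", "withdraw"],
                      "ip_allowlist": ["0.0.0.0/0"], "created": date(2021, 5, 20)},
}

def audit_all(keys, today):
    """Map each key name to its findings, omitting keys with none."""
    report = {name: audit_key(rec, today) for name, rec in keys.items()}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_KEYS, date(2021, 5, 29)).items():
        print(name, "->", "; ".join(findings))
```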

Written by kamran · Categorized: Cyber security threats, Cyber security tips


Infoguard Cyber Security
