Cryptocurrency exchange Binance issued a notice on Sunday acknowledging reports that a handful of altcoins were trading in an “abnormal” fashion on its platform. The exchange stated it would investigate the matter and take the appropriate actions against “suspicious accounts.”

We are aware of the abnormal price movements for certain trading pairs on #Binance, involving assets such as $SUN, $ARDR, $OSMO, $FUN and $GLM. Our team is investigating and taking appropriate actions in regards to the suspicious accounts. — Binance (@binance) December 11, 2022

Binance’s Chief Executive Changpeng Zhao, also known as “CZ,” later declared that the price movements appeared to be “just market behavior.” He explained that one account deposited funds into a trading account, started buying up certain coins, and that others followed suit.

Based on our investigations so far, this appears to be just market behavior. One guy deposited funds and started buying. (Hackers don’t deposit). Other guys followed. Can’t see linkage between the accounts. 1/3 https://t.co/QlB1VnlHVs — CZ 🔶 Binance (@cz_binance) December 11, 2022

However, he said that Binance did temporarily restrict accounts associated with the altcoin trading that took place, preventing them from being able to withdraw their funds. The decision was reversed after the company “received a lot of complaints on social media” from users in various countries, Zhao said.

In a subsequent Tweet, Zhao recognized there’s such a thing as “too much intervention” in maintaining an exchange that operates in an industry which centers around the notion of decentralization. There’s a “balance” to the appropriate amount of intervention, he said, adding that it’s sometimes worth letting similar situations “play out.”

We are aware of the concept of too much intervention from the platform, “too centralized” attacks, etc. There is a balance to how much we should intervene. Sometimes, these happen in free market, and we need to let it play out. 🙏 3/3. — CZ 🔶 Binance (@cz_binance) December 11, 2022

In its statement, Binance claimed the trading activity in question on Sunday did not seem to be a result of compromised customer accounts or stolen API keys, but said that it would provide updates if more relevant information became available.

This activity does not appear to be due to compromised accounts or stolen API keys; funds are SAFU. We will update this thread should there be any new information. — Binance (@binance) December 11, 2022

The clarification comes after one of Binance’s users, who has since had their account suspended, expressed concerns last week that an API key was leaked through intermediary trading platform 3Commas, which led them to lose funds.

Hey guys. Unfortunately two days ago my Binance account got exploited through an API which I’ve created 2 years ago and haven’t used since which I assumed I deleted but apparently didn’t. It was used to make trades on low cap coins to push up the price to make profit. — CoinMamba (@coinmamba) December 8, 2022

The user, who goes by CoinMamba on Twitter, exchanged a series of tweets with Zhao over the funds that went missing. CoinMamba stated “it would be nice” to get a refund but was mostly upset about the lack of prompt action.

Zhao replied it was not a situation that warranted a refund, adding that it’s important for one to keep their API key secure.

We have more than 20 people investigating. I now have knowledge of the size of your loss, Ip address, etc. Honestly, this is not a case for compensation. Social influence won’t change that. We treat all users equally. Ensuring your api key is secure is important. 🙏 — CZ 🔶 Binance (@cz_binance) December 9, 2022

In a now-deleted Tweet, Zhao also said he was also considering restrictions on CoinMamba’s account in addition to 3Commas because Binance doesn’t “want to service people that are being unreasonable.”

CoinMamba later claimed that his account was closed because of statements he made on Twitter. The Twitter account for Binance’s customer support team replied, claiming that CoinMamba’s account was set to “withdrawal only mode” because of “threats” the user allegedly made.

Your account was placed into withdrawal only mode. The decision was in response to threats you made to our CS, not related to our Twitter dialogue. We pulled together a team of over 20 case agents to try and help you. We are sorry it has come to this, but wish you all the best. pic.twitter.com/lTkKy2WnJS — Binance Customer Support (@BinanceHelpDesk) December 9, 2022

3Commas had put out a press release on Saturday to address questions about attacks on their platform and API keys. The post urged users impacted by attackers to file police reports as quickly as possible so funds can be frozen and potentially recovered. It also warned 3Commas’ users to beware of phishing attacks.

On Sunday, 3Commas also posted a statement on Twitter that claimed “false rumors” were being spread online by “bad faith actors” which accused the platform of leaking users’ API keys. 3Commas said the rumors were related to fake screenshots.

There have been some false rumors shared by bad faith actors using falsified evidence to claim 3Commas leaked users’ API keys. These rumors were related to fake screenshots of Cloudflare logs that have been shared on Twitter and Youtube.

The full article: https://t.co/KVOF2BWlYn pic.twitter.com/qJ52CvnVg0 — 3Commas (@3commas_io) December 11, 2022

Binance, 3Commas and CoinMamba did not respond to immediate requests for comment.