Binance Says $4.6M Filecoin ‘Double Deposit’ an API Mistake

The “incorrect use” of an API allowed for the same Filecoin tokens to be deposited twice.

By Will Gottsegen

2 min read

On Thursday, Coindesk reported on an exploit that allowed $4.6 million in Filecoin tokens to be deposited more than once on Binance. In emails to Decrypt, Filecoin and Binance are chalking it up to an “incorrect use” of APIs, as opposed to a bug.

The issue resembled a “double spend”—a system-breaking defect, usually brought on by an attack on a blockchain, that allows the same cryptocurrency to be spent twice. Filecoin is a token that helps enable a decentralized storage network.


The proof-of-work consensus mechanism that backs Bitcoin and other cryptocurrencies is meant to prevent double spends. But the transaction in question only happened once on the Filecoin blockchain, even though the exchange mistakenly accepted the transaction twice; the result was more like a “double deposit” than a double spend.

A blog post from Protocol Labs, the team behind Filecoin, says that an investigation “found no issues with the Filecoin network or the RPC [remote procedure call] API code.” And in a statement to Decrypt, a spokesperson for Protocol Labs said: “We are confident that there is no double-spend on the blockchain itself.”

Binance told Decrypt that deposits of FIL, Filecoin’s token, were halted yesterday in the wake of the double deposit. “The issue was caused by the incorrect use of the Lotus [Filecoin’s software suite] API logic and its integration in transferring and depositing into the Filecoin Network,” said a spokesperson. An API, short for application programming interface, is a way for software to talk to other software.

According to the Binance spokesperson, there was no loss of funds. They referred Decrypt to Filecoin’s incident report. 

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News