When IP Whitelisting Isn't What It Seems: A Real-World Case Study from the Binance API

A case study on how Binance's listenKey design bypasses IP whitelisting, why Bugcrowd dismissed it, and what this teaches us about API security in 2025. In 2024, I discovered an unexpected API behavi