[bloppe]

Looks like they went through the Binance API, but they didn't have to. They could have connected directly to the P2P network via a DNS seed. It would have added complexity to the client which might have made it easier to detect, and there are plenty of options for APIs that will serve the same data without any scrutiny. Maybe there should be more scrutiny of those APIs, but it wouldn't be a bullet-proof solution.

There's CSAM on the bitcoin blockchain. Anybody who runs a full node is actually distributing CSAM, and there isn't really any way around that without making Bitcoin illegal, and that ship has essentially sailed now that major national pension funds are invested in it.