that's my belief based on the statements binance made, but AFAIK no details about how 2FA and API keys were compromised have been released. have they?
No, unfortunately not.
Currently it can only be assumed, but based on their statements it sounded like its not a security problem on their end.
they have urged all users to change passwords, 2FA, and most specifically API keys so i guess we can't be sure this is 100% client side yet.
This indeed sounds strange.
But i guess that's not a clue towards server side problems.
They might want all user to change their secret information because of a server-side security breach or because they believe there are more keys somehow laked / stolen.
API keys were hacked from binance's servers last year and there have been recent suspicions of an ongoing problem.
Were they ?
I remember that most (if not all) people had their API key entered into a 3rd party trading software/script.
And this software had maliciously used the API keys to buy (and pump) a worthless coin, which has been sold by the attacker to get lots of profit out of it.
I didn't see any news regarding the security of binance being compromised. IIRC it was 100% users fault back then.