3Commas CEO admits API key leak, hackers did gain access to data
The trading bot platform 3Commas allows users to manage accounts on multiple exchanges through API (Application Programming Interface) on a single interface. Over the past few months, there have been frequent reports of user API key leaks leading to unauthorized trades. 3Commas officials had previously claimed that the issues were due to users falling victim to phishing websites. However, they have now admitted that data was stolen by hackers.
Table of Contents
3Commas Admits Key Leak
3Commas CEO Yuriy Sorokin stated today, the 29th, that they have seen the messages from hackers and have confirmed that the information in the files is accurate. In order to take immediate action, they have requested Binance, Kucoin, and other supported exchanges to revoke all key authorizations with 3Commas.
The CEO of 3Commas also mentioned that although internal issues are possible, no evidence has been found during the investigation.
He stated that only a small number of technicians had permission to use the infrastructure, but 3Commas revoked their permissions on November 19th.
Since then, 3Commas has implemented new security measures and has launched a full investigation, including law enforcement action. They apologize for the severity of the situation and aim to provide transparent information to users in the future.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
Crypto Detective ZachXBT's Early Warnings, Official Denials
On December 21st, crypto detective ZachXBT clashed with the API trading platform 3Commas. ZachXBT stated that many users have reported in the past few weeks that unauthorized trades appeared in their centralized exchange accounts.
However, 3Commas still blamed users for falling victim to phishing sites that leaked the API. ZachXBT has gathered 44 victims totaling a loss of $14.8 million. He mentioned that these users were not phished, but their API keys were stolen. He urged users to stop using the platform.
After 3Commas' admission, ZachXBT brought up the official denials of being hacked once again, which now seems particularly ironic:
Congrats you morons are what’s wrong with the space pic.twitter.com/8n8uVBYvaQ
— ZachXBT (@zachxbt) December 28, 2022
Related
- OKX lending of FLOKI mysteriously liquidated! OKX responds: Lending is a C2C market, the platform only facilitates matching
- IRS Update on Cryptocurrency Tax Guidelines: No Need to Report Wallet Addresses, Transaction IDs, and Specific Times
- Circle CEO Concerned About MiCA: Introduces Credit Risk, No Banks Willing to Cooperate on Reserves