3Commas CEO admits API key leak, hackers did gain access to data

share
3Commas CEO admits API key leak, hackers did gain access to data

The trading bot platform 3Commas allows users to manage accounts on multiple exchanges through API (Application Programming Interface) on a single interface. Over the past few months, there have been frequent reports of user API key leaks leading to unauthorized trades. 3Commas officials had previously claimed that the issues were due to users falling victim to phishing websites. However, they have now admitted that data was stolen by hackers.

3Commas Admits Key Leak

3Commas CEO Yuriy Sorokin stated today, the 29th, that they have seen the messages from hackers and have confirmed that the information in the files is accurate. In order to take immediate action, they have requested Binance, Kucoin, and other supported exchanges to revoke all key authorizations with 3Commas.

The CEO of 3Commas also mentioned that although internal issues are possible, no evidence has been found during the investigation.

He stated that only a small number of technicians had permission to use the infrastructure, but 3Commas revoked their permissions on November 19th.

Since then, 3Commas has implemented new security measures and has launched a full investigation, including law enforcement action. They apologize for the severity of the situation and aim to provide transparent information to users in the future.

Crypto Detective ZachXBT's Early Warnings, Official Denials

On December 21st, crypto detective ZachXBT clashed with the API trading platform 3Commas. ZachXBT stated that many users have reported in the past few weeks that unauthorized trades appeared in their centralized exchange accounts.

However, 3Commas still blamed users for falling victim to phishing sites that leaked the API. ZachXBT has gathered 44 victims totaling a loss of $14.8 million. He mentioned that these users were not phished, but their API keys were stolen. He urged users to stop using the platform.

After 3Commas' admission, ZachXBT brought up the official denials of being hacked once again, which now seems particularly ironic: