On December 28, 3Commas CEO Yuriy Sorokin confirmed on Twitter that a hacker had exposed his company’s API keys.
Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
The announcement came after an unidentified Twitter user published 100,000 API keys belonging to 3Commas users online.
Yuriy Sorokin stated on Twitter that users had been tricked into providing their data by a phishing attack. 3Commas had earlier insisted there was no security issue on its end.
On December 11, Yuriy Sorokin stated on the company blog that fake screenshots were circulating on Twitter and YouTube, purporting to prove the firm's weak security and employees' theft of API keys.
Yuriy stated:
“The person who created the screenshots did a nice job with an HTML editor, but they made a few key mistakes that easily prove their claims are fake. We’ll go through those point by point.”
3Commas first experienced security problems in late October. At that time, the FTX exchange, which was still operating, issued a security alert in response to user reports of illicit trades in trading pairs with the DMG coin on FTX. The trades were carried out by hackers who, according to 3Commas and FTX, had created accounts on 3Commas.
However, the 3Commas blog claims that the API keys were obtained from sources other than 3Commas itself.
Changpeng Zhao, CEO of Binance, encouraged users to disable their API keys immediately because he was reasonably sure that there were widespread API key leaks from 3Commas.
CZ stated in a tweet:
“I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.
Stay #SAFU.”
CZ's announcement came in response to an incident on December 9 in which Binance terminated the account of a user who had complained about losing money the day before.
The user alleged that a stolen API key connected to 3Commas had been used to trade low-cap coins and drive up their price for profit. Binance did not compensate the user. According to CZ's tweet, the loss cannot be proven, and if the company covered it, Binance would simply be paying users who lose their API keys.
CZ replied to a Twitter user, stating:
“Mamba, there is almost no way for us to be sure users didn’t steal their own API keys. The trades were done using API keys you created. Otherwise we will just be paying for users to lose their API keys. Hope you understand.”
According to Yuriy Sorokin, the data the hacker released is genuine. He says the platform has contacted exchanges, including Binance, KuCoin, and others, to have the keys associated with 3Commas revoked.