An anonymous Twitter user has obtained nearly 100,000 API keys belonging to 3Commas customers. The leaker released over 10,000 of the keys on Wednesday and said the rest will be published fully at random in the upcoming days.

Yuriy Sorokin, CEO of 3Commas, confirmed the news and the authenticity of the leak in a tweet on Wednesday. He also said that "as an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas".

1. Statement from 3Commas: We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas. — Yuriy Sorokin (@YS_3Commas) December 28, 2022

The leak comes after dozens of users complained that their API keys had been used without their consent to execute trades on exchanges including Binance, Kucoin, and Coinbase. As Coindesk previously reported, 3Commas confirmed that users lost at least $6 million to attackers starting in October.

On the other hand, multiple users have said that the amount has at least doubled in recent weeks.

Coindesk is not linking to or naming the pseudonymous leaker's Twitter account, because doing so could further expose sensitive private information.

3Commas initially told Coindesk that phishing attacks were to blame for its users' losses. However, over 50 of those users have banded together in Telegram group chats and have insisted that their credentials must have been leaked by 3Commas or an exchange like Binance or Coinbase.

Wednesday's data has given clear evidence that the credentials were leaked rather than phished. Many 3Commas users confirmed to Coindesk that they were able to find their API keys among those that the leaker shared.

In a tweet, 3Commas' Sorokin noted that he and his company "did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found".

On Wednesday afternoon, before 3Commas made its statement, Binance CEO Changpeng Zhao issued a warning to users: "If you have ever entered an API key into 3Commas, please disable it immediately".

I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately. Stay #SAFU. — CZ 🔶 Binance (@cz_binance) December 28, 2022

3Commas allows users to create trading bots that automatically carry out trades on their behalf on external cryptocurrency exchanges. Users enter the API key they receive from those exchanges into 3Commas to give the app access to their accounts.

The leaker claims that the API keys released this week were produced on Binance or Kucoin.

