3Commas admits to API keys leak after anon reveals database


3Commas, a crypto trading signals provider, has finally confirmed a recent attack that saw thousands of user API keys compromised.

The platform’s founder and CEO Yuri Sorokin acknowledged this fact on Wednesday after it emerged an anonymous user had obtained a list of API keys linked to 3Commas users.

Sorokin’s admission of an attack and potential exposure of tens of thousands of users departs from his company’s assertion over the past several weeks that the API leak resulted from phishing attacks impacting a number of individual users.

3Commas acknowledges API keys leak

Sorokin said in a tweeted statement Wednesday that his company had examined the anonymously shared database of API keys and found it to be genuine. According to the 3Commas CEO, the platform immediately asked supported crypto exchanges, including Binance and KuCoin, to revoke all API keys connected to the trading bot.

3Commas also allegedly did not find the leak to be an inside job, even as it promised transparency going forward.

On-chain sleuth ZachXBT, who said he had verified the authenticity of some of the keys after consulting a 3Commas user group, noted:

“3Commas finally acknowledged the leak but the damage had already been done. For weeks they have been blaming its users and accepting zero responsibility.”

Before Sorokin took to Twitter to confirm the leak traced back to his company, Binance CEO Changpeng Zhao had warned users who have ever put their API keys on 3Commas to disable them immediately. Zhao noted that he believed there was a widespread API key leak from the crypto platform.

I am reasonably sure there are wide spread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.

Stay #SAFU.

— CZ 🔶 Binance (@cz_binance) December 28, 2022

3Commas users have reported losses of $22 million linked to the leak.

The post 3Commas admits to API keys leak after anon reveals database appeared first on Invezz.
