A database of API keys of 3Commas cryptocurrency service users was published online. The authenticity of the data and the fact of the leak were confirmed by the firm’s CEO Yuriy Sorokin. At the same time, the statement on the website says that other API data — secrets and passphrases — were also leaked.
An anonymous Twitter user stated that he received about 100,000 API keys. He published more than 10,000 on December 28. The exploiter also promised to continue to release personal data randomly in the coming days. A crypto influencer, Zach XBT, shared screenshots of his conversation with the anonymous user.
The API keys that were leaked were mostly generated on Binance and KuCoin.
Sorokin added that he had asked Binance, KuCoin, and other supported exchanges to revoke all keys associated with 3Commas. The company launched an investigation involving law enforcement and assured that it has implemented new security measures to protect users.
The company was founded in Estonia by Yuriy Sorokin, Egor Razumovskii, and Mikhail Goryunov in 2017. 3Commas has over 100,000 monthly active users and more than 270 employees worldwide. Trading volume in 2021 was $225 billion, with $37 million raised in Series B funding.
3Commas is a cryptocurrency trading management platform that offers various customizable trading bots and full portfolio management from a single user-friendly interface. These bots automatically make trades on behalf of the user on third-party crypto exchanges. Bots have many different settings and allow you to trade 24 hours a day, 7 days a week, without user involvement.
The exchanges generate API keys, and users connect these keys to 3Commas to give the app access to their accounts. 3Commas trading tools are supported on 16 major cryptocurrency exchanges: Binance, Bittrex, Bitstamp, Bitfinex, Bitmex, Coinbase, OKX, KuCoin, Huobi, Bybit, Deribit, Kraken, Ripple, Ethereum, Crypto.com, Dogecoin.
An API (Application Programming Interface) is a set of rules describing how two applications communicate with each other. In cryptocurrency trading, the API provides real-time access to market data, trading, and user account management.
An API key is a code used to identify and authenticate an application or user. API keys are available through platforms and serve as unique identifiers.
The API key is passed to the application, which then calls the API to identify the user, developer, or program attempting to access the website or service.
In our case, API keys serve both to authenticate the user (confirm identity) and to authorize the user (verify permission to execute the request).
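The identify, authenticate, authorize sequence described above, together with the effect of revoking a key, as an added example (not code from 3Commas or any exchange). The key names, secrets, permission labels and message format are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key store, as an exchange might hold it (hypothetical values).
KEYS = {
    "key-trade": {"secret": b"s3cret-A", "permissions": {"read", "trade"}, "revoked": False},
    "key-read": {"secret": b"s3cret-B", "permissions": {"read"}, "revoked": False},
}


def sign(secret: bytes, message: str) -> str:
    """Client side: prove possession of the secret without sending it."""
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def check_request(api_key: str, signature: str, message: str, needed: str) -> str:
    """Server side: identify, authenticate, then authorize one request."""
    record = KEYS.get(api_key)
    if record is None:
        return "unknown_key"        # identification failed
    if record["revoked"]:
        return "revoked"            # key was withdrawn, e.g. after a leak
    expected = sign(record["secret"], message)
    if not hmac.compare_digest(expected, signature):
        return "bad_signature"      # authentication failed
    if needed not in record["permissions"]:
        return "forbidden"          # authorization failed
    return "ok"


def revoke(api_key: str) -> None:
    """Mark a key as revoked so that later requests are refused."""
    if api_key in KEYS:
        KEYS[api_key]["revoked"] = True


if __name__ == "__main__":
    msg = "POST /order BTC-USDT buy 0.1"
    sig = sign(b"s3cret-A", msg)    # any holder of key + secret can produce this
    print(check_request("key-trade", sig, msg, "trade"))
    revoke("key-trade")
    print(check_request("key-trade", sig, msg, "trade"))
```

The server cannot tell the legitimate bot from anyone else who holds the same key and secret, which is why revoking the key is the effective response to a leak.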
The exploiter gained full control over users’ digital assets on exchanges via the 3Commas service. The anonymous user stated that he has access to billions of dollars, but he does not want to cause damage, only to teach a lesson so that people do not trust 3Commas. Sounds like the speech of a disgruntled former employee. There have been numerous rumors about the theft of API keys by employees, which the company has denied.
3Commas had previously assured repeatedly that there were no leaks, and that users’ complaints about transactions being made with their cryptocurrency without their knowledge were the result of phishing attacks. Yet back in November it was already known that 48 confirmed 3Commas customers from the active user base had been affected.
Despite 3Commas being an official partner of Binance, the head of the largest crypto exchange, Changpeng Zhao (better known as CZ), tweeted that the data leak was from this company.
Only now has the platform acknowledged the exploit. 3Commas stated that “no evidence of an inside job was found” and “only a small number of technical employees had access to the infrastructure,” and that their access has been removed since November 19.
Moreover, in the comments to Yuriy Sorokin’s tweet, he was accused of gaslighting.