Now, 3Commas users have posted on social media about a possible breach that led to API keys being leaked. This leads to illegal and unusual trading patterns in users’ exchange accounts, in most cases, in an attempt to pump and dump coins. 3Koma has so far denied all rumors saying that there was no breach but with the indisputable evidence now in the face, the crypto trading platform has been held accountable for the first time.
How to Get Started
The popular on-chain sleuth ZachXBT took to his Twitter account to share some damning evidence which he had shared with her. In an image shared with his more than 340,000 followers, someone claimed to have access to more than 100,000 leaked API keys from 3Commas, which he eventually shared with Zach.
Zach explained that he verified the validity of the claim by checking the API key and several people in a group created for those who had leaked the 3Commas API key. confirmed that the same key is actually in the database that has been shared with Zach.
In a follow-up tweet, Zach sent a letter that the sender referred to as his “Final Christmas Gift” stating that there was no offense. But the information has been sold by the staff of the 3Commas team.
A more alarming revelation is the fact that this person or group claims to have more API keys. Apparently, they plan to release a complete database of over 100,000 API keys. Fortunately, they plan to remove any personal or identifying information from their database to protect people.
2/ I won’t spread the db because some buttons are still active but this is what the account said about the leak in the post:
Unfortunately, it seems that they will publish the complete database of 3Commas users. pic.twitter.com/XSf6GslXZ8
— ZachXBT (@zachxbt) December 28, 2022
3Coma Finally Admits Leak
In light of the light provided by the ZachXBT thread, the 3Commas team has taken responsibility for the data leak for the first time. Founder and CEO Yuriy Sorokin took to Twitter to acknowledge the authenticity of the claim. The CEO explained that he had investigated an inside job but could not determine whether the leak was from a staff member.
1. Statement of 3 Commas:
We saw the hacker’s message and can confirm that the data in the file is correct. As an immediate action, we are asking Binance, Kucoin, and other supported exchanges to withdraw all buttons connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
Interesting, Sorokin state that a small number of technical employees who had access to the data had been stripped of access on November 19, which means they had known about the leak for at least a month. But 3Commas has continued to gaslight users, accusing them of falling for phishing scams and asking them to go to the exchange when the problem has come from them all at once.
Tota market cap remains below $1 trillion | Source: Crypto Total Market Cap on TradingView.com
“3Koma finally acknowledged the leak but the damage was done. For weeks they blamed users and took no responsibility,” said ZachXBT. Make sure to never give an incompetent clown the likes @3commas_io your business again.
Customers and exchanges have been advised to revoke all API keys connected to the 3Commas platform. For 3Commas, Sorokin said: “We have implemented new security measures and will not stop; we are launching a full investigation involving law enforcement.
Featured images from Discover Magazine, charts from TradingView.com