3Commas, a crypto trading signals provider, has finally confirmed a recent attack that saw thousands of user API keys compromised.
The platform’s founder and CEO Yuri Sorokin acknowledged this fact on Wednesday after it emerged an anonymous user had obtained a list of API keys linked to 3Commas users.
Are you looking for fast-news, hot-tips and market analysis?
Sign-up for the Invezz newsletter, today.
Sorokin’s admission of an attack and potential exposure of tens of thousands of users departs from his company’s assertion over the past several weeks that the API leak resulted from phishing attacks impacting a number of individual users.
3Commas acknowledges API keys leak
Sorokin said in a tweeted statement Wednesday that his company had examined the anonymously shared API keys database and found them to be true. According to the 3Commas CEO, the platform immediately asked supported crypto exchanges, including Binance and KuCoin, to revoke all API keys connected to the trading bot.
3Commas had also allegedly not found the leak to be an inside job, even as it promised transparency going forward.
On-chain sleuth ZachXBT, who said he had verified the authenticity of some of the keys after consulting 3Commas user group, noted:
“3Commas finally acknowledged the leak but the damage had already been done. For weeks they have been blaming its users and accepting zero responsibility.”
Before Sorokin took to Twitter to confirm the leak traced back to his company, Binance CEO Changpeng Zhao had warned users who have ever put their API keys on 3Commas to disable them immediately. Zhao noted that he believed there was a widespread API key leak from the crypto platform.
3Commas users have reported losses of $22 million linked to the leak.
Source: https://invezz.com/news/2022/12/29/3commas-admits-to-api-keys-leak-after-anon-reveals-database/