3Commas CEO Yuriy Sorokin confirmed that a hacker leaked his firm’s API keys in a Dec. 28 Twitter thread.
Sorokin said the data published by the hacker was factual. According to him, the platform has reached out to exchanges like Binance, KuCoin, and others to revoke the keys connected to 3commas.
Binance CEO Changpeng ‘CZ’ Zhao advised users to disable its access immediately as he was “reasonably sure there are widespread API key leaks from 3Commas.”
The 3Commas CEO said the platform had investigated if the hack was an inside job, but it couldn’t find proof. He added:
“Only a small number of technical employees had access to the infrastructure and we have taken action since November 19 to remove their access.”
Sorokin apologized for his firm’s handling of the situation. He said they have implemented new security measures and involved law enforcement agencies in launching a full investigation.
Previously, 3Commas had vehemently denied several allegations and reports that its API keys were compromised. Before its CEO confirmed the hack, the firm’s Twitter account had again denied that its data was breached.
Community asks 3Commas to refund victims
Crypto community members have asked the compromised trading platform to refund victims of the API hack.
A victim, Coinmamba, tweeted that 3Commas kept lying and blaming users “instead of taking responsibility and preventing further exploits.” He asked if the platform was going to refund affected users.
Another community member, Garlam, said 3Commas “gaslighted everyone into thinking it was their fault for getting ‘phished.’”
Meanwhile, several other community members criticized 3Commas’ handling of the situation. According to them, the firm could have prevented further hacks if it had earlier confirmed the data breach instead of labeling the victims as “bad faith actors” and alleging that they “falsified evidence.”
Source: https://cryptoslate.com/victims-seek-refund-as-3commas-ceo-verifies-api-data-leak/