3Commas repeatedly informed users that they had been “polished” after widespread hacks.
An anonymous Twitter user has obtained nearly 100,000 API keys belonging to 3Commas customers. Whereas, over 10,000 of the keys were released by the leaker on Wednesday. According to him, the rest will be published full randomly in the upcoming days.
Yuriy Sorokin, CEO of 3Commas confirmed the news and the authenticity of the leak in a tweet on Wednesday. In addition, he also said that ” as an immediate action, we have asked the Binance, Kucoin and other supported exchanges to revoke all the keys that were connected to 3Commas”.
The leak comes after dozen of users complained that their API keys have been illegally used to execute trades on platforms. Those exchanges include Binance, Kucoin, and Coinbase without their consent. Previously, Coindesk already reported,3Commas confirmed that users lost at least $ 6 million to attackers starting in October.
On the other hand, multiple users have said that the amount has at least doubled in recent weeks.
However, Coindesk is not linking or naming the pseudonymous leaker’s Twitter account. Because doing so could further expose sensitive private information.
3Commas initially told Coindesk that phishing attacks were to blame for its users’ losses. Though, over 50 of them have banded together in Telegram group chats. The users have insisted that their credentials must have been leaked by 3Commas or an exchange like Binance or Coinbase.
However, Wednesday’s data has given clear evidence that the credentials leaked rather than phished. Many 3Commas users confirmed the news to Coindesk that they were able to find their API keys among those that the leakers shared.
In a tweet, 3Commas ‘Sorkin noted that he and his company “did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found”.
On Wednesday afternoon, Binance CEO Chengpeng Zhao issued a warning to users before 3Commas made its statement. “If you ah e ever entered an API key into 3Commas, please disable it immediately”.
Now, 3Commas allows users to create trading bots that automatically carry out trades on their behalf on external cryptocurrency exchange. Users enter the API key they receive from those exchanges into 3Commas to give the app access to their accounts.
Alas, the leaker claims that the API keys released this week were produced on Binance or Kucoin.
Read more:
The Pakistan Software Houses Association (P@SHA) has raised alarms about the severe impact of the…
WhatsApp is rolling out a new feature in its latest Android beta version, allowing users…
ISLAMABAD: Chairman of the Pakistan Telecommunication Authority (PTA), Major General (retd) Hafeez-ur-Rehman, confirmed that no…
Punjab Chief Minister Maryam Nawaz Sharif has announced the launch of a new initiative aimed…
Meta has unveiled a set of new features for Facebook Messenger, designed to improve call…
Islamabad (21st November 2024): PTA hosted a stakeholder consultation on VPN registration, with key participants…