Yuri Sorokin, CEO of 3Commas has previously denied allegations over the API breach and has now indeed acknowledged a possible API breach in the service.
The incident came to light after the chief executive officer of Binance Zhao warned his eight million followers of possible API key leaks taking place in the crypto trading platform.
Several Estonia-based Crypto users have repeatedly claimed that its CEO took notice of the API key leaks nonchalantly.
For those who are unaware, 3commas services allow users to automatically execute the trades using trading bots set up by the users themselves in the partnered cryptocurrency exchanges.to execute automatic trades users link their 3commas accounts to the API keys.
The Incident Involved Hackers Trying To Phish For Information: 3Commas
3Commas started experiencing security concerns back in late October, the trading exchange issued a security alert in response to the allegation from users about unauthorized trading on the collapsed FTX.
According to the 3Commas, the incident was an attempt phishing attack by the hackers, and API keys remain safe in the proprietary crypto trading platform itself.
In early December fake screenshots were roaming around the internet on social media giants Twitter and Youtube, showing a lack of security concerns in the trading and app, as well alleges their employees stole the API keys.
In response to this, the trading platform’s CEO Sokorin denied all these allegations and slammed the incident claiming that it was fake screenshots, which can easily be determined by the mistakes they did.
After the leaked screenshots of 3Commas API keys were released by a Twitter user, Sorokin admitted to a potential security breach in their trading platform. He added that the company has unveiled evidence of phishing activities bestowing factors to the user’s loss.
He took to Twitter claiming a possible data breach by an unverified hacker, after witnessing the accurate information in the hacker’s message about the API keys.
In addition, the chief executive demanded to immediate revoke all the keys from Binance, Kucoin, and other supported exchanges as well as instructed users to disable their keys that are linked to any exchanges. Thus, it would restrict the attackers from manipulating the cryptocurrencies.
Currently, the FBI has started its investigation into the crypto trading firm, in the process FBI has found 100,000 Binance and KuCoin API keys being leaked by an anonymous person.
Following the statement made by the API leaker that the API keys were sold by someone within the company, the investigating officers contacted two employees working in the 3 Commas due to suspicious inside activity.
Regarding the speculations, the company immediately conducted an internal investigation with law enforcement to draw out any suspicious activity. According to the company’s CEO.
The compromisation of the security breach has left the company bleeding, allowing it to lose an estimated worth of more than $22 million in cryptocurrency. In addition to this, blockchain investigator ZachXBT found out that around 44 victims have lost another $14.8 million because of the stolen API keys.
After a user raised a complaint about losing funds due to the leaked API keys allowing to make trades in low cap coins to raise the market price to make a profit.
Despite trading in Binance, the CEO canceled the account of the user and declined to reimburse the user, citing that the loss was unverifiable, as the users can simply steal the API keys because it is created by themselves, and Binance claimed that if they reimburse for such losses then they will simply be paying for the users just to lose their API keys.