3Commas data leak confirmed; hackers threaten to publish over 100k leaked API keys
3Commas customers are facing a data leak, and thousands of API keys may be published online in the coming days.
Earlier today, Twitter user and on-chain sleuth ZachXBT looked into the 3Commas data leak. Hackers have access to a database containing more than 100k API keys, and they are planning to publish the database online in the coming days.
3Commas is a company promising to “revolutioniz[e] how people invest and trade.” It offers crypto trading bots for major cryptocurrency exchanges, including Binance, Coinbase KuCoin, and Crypto.com. However, there has been some talk that the platform is not as secure as it promises. Earlier this month, 3Commas users started reporting “unauthorized trades on their CEX accounts.” However, the company denied any wrongdoing and blamed phishing for customers losing their funds. As of December 20, at least $14.8 million in total was stolen from 44 people.
According to the messaging from the person or people who have access to the database, the leak is not caused by a bug or exploit, but 3Commas is allegedly responsible for it. They claim 3Commas “sold your information to the biggest bidder.”
“Here is some copies of Binance and KuCoin – trade apis provided by 3commas staff we have the whole database we will be leaking it when we are done filtering your personal informations, so people don’t get doxed, we will only release the api keys,”
hackers wrote.
Both ZachXBT and later 3Commas confirmed that at least some of the API keys are legitimate; some have already been used to access people’s funds. Victims have confirmed their API keys were on the list. According to the hackers, it could have been worse already, as they reportedly have “access to over a billion dollars on APIs.” The hackers claim they “didn’t use them [and] wanted just to teach everybody a low lesson, not a hard one.”
3Commas has finally acknowledged the leak took place, but it denies any wrongdoings or possibility the hack was “an inside job,” claiming no evidence was found. According to the statement made by 3Commas, a “small number of technical employees had access to the infrastructure,” and the company has taken steps to remove their access.
“We have seen the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have requested that Binance, Kucoin and other supported exchanges revoke all keys that were connected to 3Commas,” 3Commas tweeted earlier today.
Whether it is too little, too late remains to be seen as more 3Commas customers are facing possible data leaks. The hackers are raising one important issue, though: Are your crypto assets really safe? Luna crash, 3AC crash, and Alameda Research and FTX crash are just some of the major events that have shaken the crypto space this year alone.
Related posts:
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s);
js.id = id;
js.src = “//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.5”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));
Source link
