3Commas CEO finally takes responsibility for API key leak

Binance CEO Changpeng ‘CZ’ Zhao said he was fairly certain that 3Commas, a platform for managing cryptocurrency trades, had a widespread API key leak.

On December 29, CZ advised users on Twitter to disable any Exchange API key they ever input on the 3Commas platform. Additionally, he responded to a user stating that although Binance is attempting to disable it on the site, the task is ‘difficult’.

CZ’s statement comes after an incident on December 9, where Binance closed the accounts of some users who complained that their funds had been withdrawn.

First, a user Claimed That the 3Commas platform had exposed API keys. It was apparently used to trade low-cap crypto assets in order to drive prices and profit.

In response, Binance refused to reimburse users. CZ argued that it can never be sure that users haven’t stolen their own API keys. They said, “The trading was done using the API keys you created. Otherwise, we’ll just pay users for losing their API keys. Hope you understand.”

Denied Security Issues

On December 11, 3Commas CEO Yuri Sorokin said that false screenshots showing its dysfunction security Was roaming around on twitter and youtube. Additionally, he denied claims that 3Commas staff members had stolen API keys.

He reasoned, “The person who created the screenshot did a good job with the HTML editor, but he made some critical mistakes that easily prove his claims are fake. We’ll go through those points.”

In late October, 3Commas first began experiencing security concerns. In response to users’ allegations about unauthorized trading on FTX at the time, the exchange also security alert issued,

ftx and 3comas set This is in the form of a possible phishing attempt where hackers created 3Commas accounts to trade. According to 3Commas, the API keys were not taken from their proprietary platform but from replica websites.

Sorokin later acknowledged that evidence showed phishing was at least a contributing factor to API piracy.

However, the crypto community on Twitter claimed that 3Commas API keys were compromised due to a security breach.

Bitcoin Silk Road DoJ

3Commas finally admits to experiencing a data leak

In a recent development, CEO Yuri Sorokin took to Twitter to admit for the first time that there was a data leak at his company. Sorokin said that after viewing the hacker’s message, he had verified that the information in the files was correct. Furthermore, the executive confirmed that 3Commas has now demanded Binance to immediately revoke all keys, kukoinand all supported exchanges.

Manch Pramukh also admitted that inside job is always possible but no evidence was found in the investigation.

Now, he claims that the platform has launched a full investigation involving law enforcement. Meanwhile, the Twitter account of 3Commas claims That any keys made after November 16 are not at risk.

The platform also said, “We urge every user to reissue their keys to exchanges. Again, we commit to saying that no keys are at risk after November 16th. Updates, they will be canceled by the exchanges to ensure the security of your account.”

Estimated damage over $10 million

On December 23, a group of traders alleged that an API key from the 3Commas platform was compromised, leading to the theft of over $22 million in cryptocurrency.

3Commas only came clean after the Twitter crypto community obtained and publicly posted nearly 100,000 API keys of its users.

On December 20, blockchain explorer ZachXBT claimed that 44 victims had lost approximately $14.8 million due to stolen keys.

In their latest statement, ZachXBT said, “3Commas finally acknowledged the leak, but the damage was already done. For weeks they have been blaming its users and accepting zero responsibility.


BeInCrypto has reached out to the company or the person involved in the story for an official statement regarding the recent development, but has yet to hear back.

#3Commas #CEO #finally #takes #responsibility #API #key #leak



Leave a Reply

Your email address will not be published. Required fields are marked *