Crypto trading bot 3Commas is confirming allegations that its platform has been compromised and user data was leaked.
3Commas CEO Yuriy Sorokin affirmed the security breach, saying that API (application program interface) keys have been stolen after the chief executive of Binance, Changpeng Zhao, warned investors about the situation.
“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”
Last week, on-chain researcher ZachXBT says he received a message from an anonymous Twitter user who claims to have over 100,000 API keys of 3Commas users.
“Six hours ago an account messaged me and sent over a [database] with API keys of 3Commas users. I began working to verify its validity and quickly shared the info with exchanges. It seems they will be publishing the full database of 3Commas users soon.”
In November, claims on social media were circulating that the firm’s employees were stealing the API keys. At the time, 3Commas issued a statement saying that bad actors have been making false accusations using doctored evidence.
“We’re now seeing individuals on Twitter and YouTube circulating fake screenshots of Cloudflare logs in an attempt to convince people that there was a vulnerability within 3Commas and that we were irresponsible enough to allow open access to user data and log files.”
Sorokin goes on to address the allegations that 3Commas employees are behind the leak.
“We did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found. Only a small number of technical employees had access to the infrastructure and we have taken action since November 19 to remove their access.”
He says that the firm is now implementing new security measures and is launching a full investigation involving law enforcement.
“We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation.”
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxFeatured Image: Shutterstock/jovan vitanovski/Sensvector