29 Dec 2022
API Security Breach at 3Commas: What You Need to Know
Caution is advised for crypto traders using the automated trading bot platform 3Commas after reports indicate millions of dollars have been stolen from exchange accounts.
Automated crypto trading platform 3Commas has been hit by a significant security breach that has resulted in millions of dollars being stolen from exchange accounts. Binance CEO Changpeng Zhao (CZ) tweeted that he was “reasonably sure” that API keys connected to 3Commas users had been shared online. As a result, he advised all users to disable their API keys immediately.
After an earlier warning from industry observer tier10k, Zhao tweeted,
“If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.”
API keys and secret combinations are used by 3Commas users to automate trades across multiple exchanges and markets. These allow the 3Commas bot engine to execute trades on users' behalf, making their security paramount. The leak came after months of speculation over 3Commas' security and targeted phishing campaigns on the platform's users. It still needs to be made clear how many users have been affected by the breach or how much money has been stolen.
This warning was later confirmed by Yuriy Sorokin, co-founder of 3Commas, who said that API keys and secret combinations linked to Binance and KuCoin exchange accounts of 3Commas users had been leaked.
Confirmation by Yuriy Sorokin, co-founder of 3Commas, came in a tweet:
"We saw the hacker’s message and can confirm that the data in the files is true," Sorokin said. "As an immediate action, we have asked that Binance, KuCoin, and other supported exchanges revoke all the keys that were connected to 3Commas."
On-chain researcher ZachXBT has confirmed 44 instances with combined losses of $14.8 million. However, they have stated that this is just the number of verified cases, and the actual number of victims is likely higher. 3Commas has urged any affected users to file police reports and has said that it is launching a full investigation involving law enforcement. The company has also implemented new security measures and promised transparency in its communications about the situation.
This security breach serves as a reminder of the importance of API security. API keys must be kept secure and not shared with anyone. If you are a 3Commas user, it is recommended that you disable your API keys immediately and review your security measures. It is also a good idea to regularly check the API keys you are using and revoke any that are no longer needed. By taking these precautions, you can protect yourself and your assets from API security breaches.
Disclaimer: Nothing on this site should be construed as a financial investment recommendation. It’s important to understand that investing is a high-risk activity. Investments expose money to potential loss.
