Key Takeaways:
- 3Commas finally accepted that there was a lead of API keys.
- However, the firm blamed exchanges for the loss of users' funds.
NEW DELHI (CoinChapter.com) — After vehemently denying any problem with their database, trading platform 3Commas has finally accepted that it was the source of an API leak.
The announcement from 3Commas came after an anonymous Twitter user published around 100,000 API keys belonging to 3Commas users. Moreover, the leaker claimed they would publish the remaining list randomly “in the upcoming days.”
On-chain analyst ZachXBT tweeted that an account shared a database containing API keys of 3Commas’ users in a message. The self-proclaimed “crypto sleuth” verified the message’s authenticity and notified the exchanges.
Furthermore, Zach noted some of the keys were potentially active, which is why he would not share details of the database. In addition, the leakers stated that they would publish all the leaked APIs’ details soon.
ZachXBT checked with the 3Commas victim group and “confirmed multiple people had matched their API keys in the database.“
Also Read: Top 10 Most Hated Crypto Celebs of 2022
Earlier, the blockchain sleuth had reported identifying a verified group of 44 victims who lost $14.8 million due to the hack. Moreover, ZachXBT revealed that the various exchanges have refused to acknowledge users’ complaints.
3Commas Founder Says, “We are sorry“
ZachXBT was one of the first in the crypto universe to bring the 3Commas leak to light. However, founder Yuriy Sorokin and the firm’s social media team and reputation managers categorically denied the rumors of a leak.
Instead, the 3Commas team replied to all the tweets related to hack rumors with a message that screamed their platform remained secure. In addition, Sorokin and 3Commas repeatedly suggested aggrieved users contact the police.
Moreover, Sorokin tore into news reports of the leak, claiming “incompetency from big media sources” was astonishing. The 3Commas co-founder also stated the leak “had nothing to do with 3Commas API, period.”
Sorokin argued that had the leaks come from 3Commas, there would have been millions of victims, “not a hundred.“
But, on Dec 29, Sorokin released a statement from 3Commas, stating that the firm had taken note of the hacker’s message and notified supported exchanges to revoke all API keys associated with 3Commas.
Additionally, the 3Commas CEO refuted that the leak was an inside job. Sorokin noted that “Only a small number of technical employees had access to the infrastructure,” and the firm removed their access in Nov.
We are launching a full investigation involving law enforcement. We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation.
Yuriy Sorokin said in the statement
Responding to Sorokin’s statement, ZachXBT noted how 3Commas had blamed users for falling victim to phishing attacks and denying responsibility for the leak. Moreover, the blockchain sleuth warned users to “never give incompetent clowns like 3Commas your business ever again.”
“It’s The Exchanges’ Fault”
Meanwhile, a former admin for the 3Commas community in Indonesia, Richard Setiawan, replied to a query from CoinChapter, stating that he didn’t believe the firm’s team deliberately withheld information regarding the leak.
Also Read: MicroStrategy (NASDAQ:MSTR) dips after Acquiring $42.8M Worth of Bitcoin
Setiawan quickly pointed out that “all of this could have been prevented if Binance employs [sic] ONE API ONE CONNECTION POLICY.”
Yuriy [Sorokin] dont withheld information from user. Probably he just didn’t use the best network security auditor in the world to overlook their network, but he definitely learnt something new, and improve from it. [Sic]
Setiawan told CoinChapter
Moreover, Setiawan claimed that Binance CEO CZ’s tweet on the 3Commas fiasco was a “conspiracy theory” and that CZ was trying to destroy the firm. The former 3C admin claimed Binance was conspiring to “buy 3C for cheap.”
Lastly, Setiawan told CoinChapter that 3Commas does not hold users’ funds, claiming “Binance should be more proactive in securing user funds.“
Salva A, reputation manager at the firm, replied to CoinChapter’s queries with a link to the official statement from the firm. But, Mr. Salva refused to comment on CoinChapter’s queries directly.
CoinChapter also reached out to Yuriy Sorokin for comments, but there has been no reply from the 3Commas CEO at press time.
