Cryptoplatform 3Commas has recognized a cyber incident, as a result of which API keys were stolen.
Recently, an anonymous user on Twitter published a set of 10,000 API keys used by 3Commas to interact with crypto exchanges and to perform automatic investment and trading actions on behalf of users.
At the same time, according to the attacker, the total leak includes more than 100,000 API keys, which will be published in the coming days.
The 3Commas administration investigated the leak and confirmed the legitimacy of the API keys, calling on all supported exchanges, including Kucoin, Coinbase and Binance, to revoke all keys.
Having started the investigation on November 19, 3Commas took steps to deprive technical staff of access to the infrastructure, believing an insider as the culprit of the incident, but found no evidence of this version.
In the meantime, 3Commas has not been in a hurry to investigate, many of its clients have already lost funds over the past few months as a result of fictitious transactions on their accounts.
The first reports of criminal transactions via 3Commas were received in October 2022 and have peaked in recent weeks. In November, some owners lost about $6,000,000 worth of crypto assets altogether.
Even after that, the platform rejected the possibility of hacking, I lay all responsibility for what happened on the users themselves, who could become victims of phishing attacks or use Trojan applications.
Later on December 10, 2022, 3Commas published an investigation report claiming that they had failed to find evidence of compromise of their systems.
The next day, the platform published a new publication in which it rejected claims that its employees were stealing user API keys to steal user assets.
3Commas users whose reports on unauthorized transactions were rejected by the company are now demanding a full refund. So far, 3Commas has not made any statements about possible compensation.
Nevertheless, the company recommends that users independently reissue their keys on all related exchanges and contact the 3Commas support service for recommendations on further actions in each case