Last week, a group of traders reported that $22 million worth of cryptocurrency had been stolen through compromised API keys from the trading platform 3Commas. Initially, the company denied any security issues on its end and suggested that a phishing attack was responsible for the leak. However, on Wednesday, 3Commas co-founder Yuriy Sorokin admitted that the leaked API keys were genuine and apologized for the situation.
What is 3Commas?
3Commas is a platform that allows users to link multiple cryptocurrency exchange accounts, such as those on Binance, to automated trading software via APIs (application programming interfaces). These standardized mechanisms enable separate software components to communicate and perform tasks without the need for human intervention. However, the platform has come under scrutiny in the past for its handling of APIs.
API Key Hack
An anonymous Twitter user claimed to have obtained around 100,000 API keys belonging to 3Commas users and published them online. Blockchain investigator @ZachXBT verified a group of 44 victims who lost a total of $14.8 million through API keys stolen from 3Commas. Sorokin initially suggested that the leaked API keys were not from 3Commas and blamed the issue on user incompetence. He argued that if the leak had originated from 3Commas, there would have been millions of cases instead of just a few hundred.
However, Binance CEO Changpeng Zhao tweeted that he was “reasonably sure” there were “widespread API key leaks” from 3Commas. In response, Sorokin announced that 3Commas had asked Binance and Kucoin, among other supported exchanges, to revoke all keys connected to the platform. 3Commas has also recommended that users disable their API keys.
This is not the first time that 3Commas and its API handling have faced criticism. In the months leading up to FTX’s bankruptcy, FTX’s CEO agreed to refund $6 million to customers affected by a phishing scam involving 3Commas.
Refunds and Ongoing Investigation
3Commas has not commented on plans to refund affected users, citing the ongoing investigation. The company stated that it will “continue to work with our customers and keep them updated.”