Thursday, January 26, 2023
- Advertisment -
HomeNewsBusinessCritical API Leak Rocks 3Commas’ Crypto Trading Bot Platform

Critical API Leak Rocks 3Commas’ Crypto Trading Bot Platform

Crypto traders utilising the automated trading bot platform 3Commas are cautioned to exercise caution after reports suggest that millions of dollars have been stolen from exchange accounts.

Zhao tweeted in response to an earlier warning from market monitor tier10k, “If you have ever entered an API key in 3Commas (from any exchange), please disable it right once.”

In a tweet posted on Wednesday, Binance CEO Changpeng Zhao (CZ) expressed his “reasonable certainty” that the application programming interface (API) keys associated with 3Commas users had been circulated online.

Users of 3Commas who want to automate plays across many exchanges and markets can link their trading accounts using secret passwords and specially produced API keys. These make user security a top priority since they enable the 3Commas bot engine to carry out deals on the users’ behalf.

We were able to verify that the information in the files was accurate after seeing the hacker’s message, Sorokin added. We have demanded that Binance, KuCoin, and other supporting exchanges immediately cancel all the keys associated with 3Commas.

According to reports, 3Commas users’ Binance and KuCoin exchange accounts’ API keys and secret passwords were also compromised. Yuriy Sorokin, co-founder of 3Commas, later tweeted to confirm this:

A focused phishing attempt against platform users and months of rumors about 3Commas security led to the confirmation of the breach.

In October, three FTX users who were using the platform were phished; criminals had imitated its user interface on malicious websites in an effort to dupe traders into disclosing their API keys and combinations.

Sam Bankman-Fried, the now-disgraced founder of FTX, then made an offer to pay the victims $6 million, however it would only be a one-time payment. Up to this point, 3Commas has consistently denied any API leaks. By December 8, Twitter user CoinMamba had complained about losing money on Binance due to a 3Commas API attack. Later, Binance terminated their account.

Despite the fact that it was impossible to determine whether the API key had been stolen, both Binance and 3Commas declined to compensate the victim. Around the same time, social media was awash with images of stolen 3Commas API keys. In a blog post, Sorokin asserted that the screenshots were phoney and advised any people who had been harmed to contact the authorities.

Sorokin tweeted on Wednesday, “We have installed new security measures and will not stop there; we are conducting a complete inquiry involving law enforcement.” We regret that the problem has progressed this far and promise to remain open in our talks about it.

Although the cat is officially out of the bag, it is still unknown how much cryptocurrency was lost overall and how many people were affected. Last week, on-chain researcher ZachXBT claimed to have found 44 confirmed occurrences with total losses of $14.8 million. “These are the only ones where ownership of the account and identity were confirmed. They tweeted, “The actual number of casualties is undoubtedly higher.

News Summary:

  • Critical API Leak Rocks 3Commas’ Crypto Trading Bot Platform
  • Check all news and articles from the latest Business news updates.


- Advertisment -