A few days ago, 3Commas users’ API keys were stolen, which the platform’s CEO claimed to be related to phishing attacks; however, recently, the platform confessed that it was the source of the leak.
3Commas is a leading crypto trading bot software handling the data of thousands of users. It is connected to big exchanges such as Binance and KuCoin to access the market and help its users to make profits.
The API keys leak occurred when some traders reported that crypto tokens worth $22 million were drained out after someone posted 100,000 keys publicly, making user data vulnerable to hackers.
At first, the co-founder of 3Commas Yuriy Sorokin blamed it on a phishing attack and also announced that it had no security breach in their system. On December 28, Sorokin came on Twitter to admit that it was actually an attack.
“We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation.” he tweeted.
3Commas also requested the centralized exchanges revoke all the keys attached to the platforms. The statement also said that the team investigated to see if this was an inside job but found nothing related.
The platform is now investigating the case with law enforcement and asked:
“every user to reissue their keys on the exchanges.”