A Twitter user posted a dump containing 10,000 API keys owned by cryptocurrency company 3Commas.
At the same time, he stated that this is only 10% of the 100,000 API keys at his disposal. He promised to publish the remaining keys in the coming days.
Let me remind you that we also wrote that Red Cross asks hackers not to “leak” personal data of 515,000 people online, and also that Data of 2 million Patients Leaked Due to Hack Shields Health Care Group.
Moreover, the media wrote that Data from 5.4 Million Twitter Users Leaked.
3Commas trading bots use API keys to interact with cryptocurrency exchanges and thus do not require users to provide credentials to perform automated trading actions on their behalf.
Representatives of 3Commas have already confirmed that the leak is genuine and the published API keys are valid. The company called on all exchanges, including Kucoin, Coinbase and Binance, to revoke keys associated with 3Commas as soon as possible.
Users, in turn, are advised to independently re-issue keys for all related exchanges, and also contact 3Commas support for recommendations on further actions.
The official statement claims that the company has already checked whether the incident was the work of an insider, but no evidence of this theory has been found.
Interestingly, according to media reports, this leak did not happen yesterday. The fact is that the first reports of unauthorized transactions related to 3Commas began to arrive in October 2022, and in recent weeks have reached their peak. So, in November, users claimed that they had lost about $6,000,000 worth of cryptocurrencies because their credentials were somehow “leaked” from 3Commas. According to journalists, since then this amount has at least doubled.
At the time, representatives of the platform rejected any possibility of hacking, and assumed that the affected users were victims of phishing attacks or were using unofficial thronized applications.
On December 10, 2022, after numerous reports of unauthorized transactions using API keys, 3Commas published an investigation report at all, stating that experts could not find any evidence of compromise of the company’s systems. Also, in a separate publication, company representatives assured that reports that 3Commas employees steal user API keys and thus steal user assets are lies and fakes.
User Review
( votes)
