News

Twitter Published 10,000 API Keys of the Cryptocurrency Company 3Commas

A Twitter user posted a dump containing 10,000 API keys owned by cryptocurrency company 3Commas.

At the same time, he stated that this is only 10% of the 100,000 API keys at his disposal. He promised to publish the remaining keys in the coming days.

Let me remind you that we also wrote that Red Cross asks hackers not to “leak” personal data of 515,000 people online, and also that Data of 2 million Patients Leaked Due to Hack Shields Health Care Group.

Moreover, the media wrote that Data from 5.4 Million Twitter Users Leaked.

3Commas trading bots use API keys to interact with cryptocurrency exchanges and thus do not require users to provide credentials to perform automated trading actions on their behalf.

Representatives of 3Commas have already confirmed that the leak is genuine and the published API keys are valid. The company called on all exchanges, including Kucoin, Coinbase and Binance, to revoke keys associated with 3Commas as soon as possible.

Users, in turn, are advised to independently re-issue keys for all related exchanges, and also contact 3Commas support for recommendations on further actions.

The official statement claims that the company has already checked whether the incident was the work of an insider, but no evidence of this theory has been found.

Only a small number of technical employees had access to the infrastructure, and since November 19, we have taken measures to deprive them of this access. Since then, we have implemented new security measures, and we will not stop there; we are launching a full-fledged investigation, in which law enforcement agencies will be involved.write in the company.

Interestingly, according to media reports, this leak did not happen yesterday. The fact is that the first reports of unauthorized transactions related to 3Commas began to arrive in October 2022, and in recent weeks have reached their peak. So, in November, users claimed that they had lost about $6,000,000 worth of cryptocurrencies because their credentials were somehow “leaked” from 3Commas. According to journalists, since then this amount has at least doubled.

At the time, representatives of the platform rejected any possibility of hacking, and assumed that the affected users were victims of phishing attacks or were using unofficial thronized applications.

On December 10, 2022, after numerous reports of unauthorized transactions using API keys, 3Commas published an investigation report at all, stating that experts could not find any evidence of compromise of the company’s systems. Also, in a separate publication, company representatives assured that reports that 3Commas employees steal user API keys and thus steal user assets are lies and fakes.

Now users whose complaints about unauthorized transactions were previously rejected intend to demand a full refund of lost funds from the company.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Kurlibat.xyz pop-up ads (Virus Removal Guide)

Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…

15 hours ago

Remove Initiateintenselyrenewedthe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…

15 hours ago

Remove Wotigorn.xyz pop-up ads (Virus Removal Guide)

Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…

15 hours ago

Remove Initiateintenselyprogressivethe-file.top pop-up ads (Virus Removal Guide)

Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…

15 hours ago

Remove Nuesobatoxylors.co.in pop-up ads (Virus Removal Guide)

Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…

19 hours ago

Remove Helistym.xyz pop-up ads (Virus Removal Guide)

Helistym.xyz is a site that tries to force you into clik to its browser notifications…

19 hours ago