Crypto trading service 3Commas confirms massive API key leak from hack
The chief executive of the crypto trading platform 3Commas, Yuriy Sorokin, confirmed Wednesday that a set of 100,000 application programming interface keys published on Twitter by an anonymous user had in fact been obtained from its service.
This announcement followed reports last week that a group of traders had discovered they were victims of a hack, with losses of approximately $22 million, through their use of the 3Commas service.
The service allows users to set up trading bots that automatically execute trades on their behalf on cryptocurrency exchanges. Users link their accounts to the service using API keys from the exchange to automate trades, and if those keys are stolen, their accounts are opened up to potential attack. This is because, with access to the API key, an attacker can execute trades, move currency and more.
When losses were initially reported, Sorokin asserted that there was nothing wrong with 3Commas' security and that there must have been a phishing attack that caused users to give up their API keys.
However, on Wednesday the apparent attacker claimed to have leaked 10% of the total stolen API keys and said that they intended to publish the rest in the following days. In the wake of that publication, Sorokin acknowledged that the API keys came from 3Commas.
After examining the API keys, Sorokin and 3Commas warned users that they should disable their keys with any exchanges that are connected to the service, such as Binance and Kucoin. This would make it impossible for any attackers to manipulate their cryptocurrency on those exchanges using the stolen API keys.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
“We have seen the hacker’s message and can confirm that the data in the files is true,” Sorokin posted on Twitter as part of a statement from 3Commas. “As an immediate action, we have requested that Binance, Kucoin and other supported exchanges revoke all keys that were connected to 3Commas.”
The company also said that it investigated the possibility that it could have been an inside job and found no evidence to support that.
“Only a small number of technical employees had access to the infrastructure and we have taken steps since November 19 to remove their access,” Sorokin added. According to the statement, the company will also be involving law enforcement in the investigation.
Before the statement from 3Commas, crypto exchange Binance CEO Changpeng “CZ” Zhao warned users on Wednesday that he was “reasonably sure” of “wide spread API leaks” from 3Commas and that users should disable their keys immediately.
Image: Marco Verch