- The cryptocurrency trading platform 3Commas has faced an attack that leaked some of its users’ API data, and has launched an investigation as well as reporting the situation to the FBI.
- The platform advises that affected users report the incident to the police or cybercrime units in their areas in case the data leak results in them losing money.
- According to 3Commas, the attackers may have amassed the API information over time and then waited for the market to cool off before launching their attack.
3Commas, a cryptocurrency trading platform, has recently discovered that a third party has disclosed some of its users' API data (API keys, secrets, and passphrases). After becoming aware of the attack, 3Commas launched an investigation and announced that it would notify law enforcement authorities. It added that it has asked exchanges to revoke all keys that were connected to 3Commas. 3Commas suspects the API details were gathered over an extended period of time and that the attackers waited for the market to slow down before launching their attack.
3Commas releases statements
Although the attack appears to be limited to an API data leak, the platform advises users whose accounts have been affected to report it to the police in their area, so that they can get their money back and accounts can be frozen if they end up being affected.
3Commas Statement:
1) We have seen the hacker's message and can confirm that the data in the files is true. As an immediate action, we have requested that Binance, Kucoin and other supported exchanges revoke all keys that were connected to 3Commas. pic.twitter.com/ZMuzCqeF1j
— 3Commas (@3commas_io) December 28, 2022
In its Twitter statement, 3Commas says an inside job is unlikely, as only a small number of technical employees had access to the infrastructure and the company has taken steps since November 19 to remove their access. Updates on the investigation are also available on the 3Commas site.
« 3Commas has almost 1 million active API keys in its database. Less than 0.02% of keys were impacted. As of now, 40% of users who initially contacted 3Commas about this attack have been unwilling to cooperate with 3Commas and can not be confirmed as victims. At least 2 cases were confirmed as never having been users of 3Commas in any way, and 2 users also reported one of their exchange accounts was compromised but it had never been connected to a 3Commas account. »
3Commas also announced what the next steps would be to ensure the security of their data. Some of them are:
- They will disable old and inactive exchange API connections more than 90 days old.
- They will continue working with exchanges to provide additional and more secure exchange connection options, such as Fast Connect.