On December 28, 2022, a hacker posted on the website Pastebin claiming to have gained access to the API data stored in 3Commas’ database. The following day, 3Commas CEO Yuriy Sorokin admitted to the API leak, which affected at least 100,000 users and resulted in unauthorized trades being executed on exchanges such as Binance, Coinbase, and KuCoin. In response, 3Commas issued an official email statement and blog post addressing the incident and outlining the measures it was taking.
In the email, 3Commas confirmed that some user API data had been disclosed by a third party and requested that Binance, KuCoin, and other supported exchanges revoke all keys connected to 3Commas. The company also recommended that users reissue their API keys. In the blog post, 3Commas stated that it is investigating the hacker’s claim that an employee sold the user data and has engaged law enforcement authorities in the investigation.

The leak has caused outrage among the 3Commas community, with many demanding refunds and threatening legal action if their funds are not recovered. Some estimates put the total losses for 3Commas users at over $12 million. The company has faced criticism for its initial denial of the hack and its attempts to shift the blame onto users, leading to accusations of “gaslighting” and defaming users as “bad faith actors” who “falsified evidence.”
In the wake of the leak, Binance CEO Changpeng Zhao has advised users to disable any API keys they may have provided to 3Commas. There have also been calls for an investigation into the leak and 3Commas’ handling of the situation, with some suggesting that regulatory authorities should examine the incident.