Anonymous Twitter User Has Leaked 3Commas API Keys

In the Brief:

  • API keys used for unauthorized trades
  • 3Commas initially attributed losses to phishing attacks
  • Binance CEO advises users to disable API keys from 3Commas
  • Possible evidence of credential leak

2 - 3 minute read

Dozens of 3Commas users have stated that without their permission, their API credentials were used to make trades on exchanges. 3Commas reported that at least $6 million was stolen by customers beginning in October, although individuals who talked with CoinDesk indicate that the actual figure may be greater. The company initially blamed the losses to phishing assaults, but consumers who have organized themselves into Telegram group conversations allege that their credentials were compromised by 3Commas or a cryptocurrency exchange like Binance or Coinbase.

Leaked Database May Provide Clues Regarding Credential Leak

If the database is genuine, it could provide additional evidence that the credentials of 3Commas users were truly compromised. CoinDesk has reached out to 3Commas for comment regarding this issue. On Wednesday, Binance CEO Changpeng Zhao tweeted that he believed extensive API key leaks from 3Commas and encouraged users to disable any API keys they may have provided to the site.

3Commas permits users to configure trading bots that execute trades on their behalf on third-party cryptocurrency exchanges. These transactions create API keys that users can enter into 3Commas to enable the application access to their accounts. The API keys contained in this week’s hack purportedly originated from Binance and KuCoin.

CoinDesk has chosen not to connect to or identify the anonymous Twitter account responsible for the leak in order to safeguard the sensitive private information of 3Commas users. If the leak is legitimate, identifying the account would simply increase the exposure of the data.

Disclaimer: The content in this article is provided for informational purposes only and should not be considered as financial or trading advice. We are not financial advisors, and trading carries high risk. Always consult a professional financial advisor before making any investment decisions.

Leave a Reply

Your email address will not be published. Required fields are marked *