MultiversX Tracker is Live!

FBI Is Reportedly Investigating 3Commas' API Leak

Finance Magnates

Cryptocoins News / Finance Magnates 254 Views

<p>The United States <a href="https://www.financemagnates.com/tag/fbi/" target="_blank" rel="follow">Federal Investigation Bureau (FBI) is probing</a> the data breach at Estonia-based 3Commas that exposed thousands of linked API keys, Coindesk reported on Friday, though there is no official confirmation yet.</p><p>FBI Shines Light on 3Commas API Leak</p><p>The investigation began after the confirmation of 3Commas' CEO, Yuriy Sorokin on the authenticity of the publicly shared database of 3Commas APIs. Earlier, he was in denial of any such breach and even called the previously leaked API databases fake.</p><blockquote class="twitter-tweet"><p lang="en" dir="ltr">1. Statement from 3Commas:We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.</p>— Yuriy Sorokin (@YS_3Commas) <a href="https://twitter.com/YS_3Commas/status/1608202390121111552?ref_src=twsrc%5Etfw">December 28, 2022</a></blockquote><p>The concerns around the security measures of 3Commas began in late October when then-functional crypto exchange <a href="https://www.financemagnates.com/cryptocurrency/news/ftx-to-compensate-phishing-victims-with-6-million/" target="_blank" rel="follow">FTX issued a security alert</a> in response to an unauthorized trade from a customer account. Though FTX and 3Commas concluded that the hackers created a 3Commas account to execute the malicious trade, the Estonian company said, "the API keys were not taken from 3Commas but from outside of the 3Commas platform."</p><p>In a consecutive blog post, Sorokin acknowledged that 3Commas had "hard evidence that <a href="https://www.financemagnates.com/terms/p/phishing/" target="_blank" id="ab3b6971-b22e-40d3-9c34-9e4b3b557786_1" class="terms__main-term">phishing</a> was at least in some part a contributory factor" leading to users' losses.</p><p>According to the crypto-focused publication, a 60-member 3Commas victim group earlier approached the US Secret Service and other law enforcement agencies with complaints of their missing <a href="https://www.financemagnates.com/terms/c/cryptocurrencies/" target="_blank" id="b091101e-6e02-4b36-aa0e-7c972dfdd6ed_1" class="terms__secondary-term">cryptocurrencies</a>.</p><p>An official 3Commas ad.</p><p>The Publicly Leaked 3Commas APIs</p><p>The latest controversy around 3Commas started when an anonymous Twitter user recently shared a database of the leaked 3Commas API on social media. It included 100,000 <a href="https://www.financemagnates.com/cryptocurrency/us-based-fintech-firm-ideal-launches-crypto-analytics-api-solution/" target="_blank" rel="follow">Binance and KuCoin API keys</a> linked to 3Commas. Earlier, 3Commas said that the APIs were leaked due to phishing, and the platform's security was intact.</p><blockquote class="twitter-tweet"><p lang="en" dir="ltr">PSA3Commas API leak has been published, if you haven't already REMOVE YOUR API KEY <a href="https://t.co/yEvrxyWBIq">pic.twitter.com/yEvrxyWBIq</a></p>— db (@tier10k) <a href="https://twitter.com/tier10k/status/1608186096411725826?ref_src=twsrc%5Etfw">December 28, 2022</a></blockquote><p>Now many have pointed out the internal involvement in these API breaches. However, Sorokin squashed these claims on Thursday, saying: "3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data."</p><p>"Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly."</p><p>On top of that, the latest API leak on the public platform alarmed other crypto giants, as Binance's CEO Changpeng Zhao issued a public warning, asking users to disable their 3Commas API.</p><p>Earlier this month, <a href="https://www.financemagnates.com/tag/binance/" target="_blank" rel="follow">Binance </a>canceled a user's account who complained of losing funds due to an API breach. However, Binance declined to reimburse the user, saying that the exchange could not confirm the losses.</p><blockquote class="twitter-tweet"><p lang="en" dir="ltr">Mamba, there is almost no way for us to be sure users didn’t steal their own API keys. The trades were done using API keys you created. Otherwise we will just be paying for users to lose their API keys. Hope you understand.</p>— CZ ???? Binance (@cz_binance) <a href="https://twitter.com/cz_binance/status/1601193403257344000?ref_src=twsrc%5Etfw">December 9, 2022</a></blockquote> This article was written by Arnab Shome at www.financemagnates.com.
Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.



Comments