An anonymous Twitter user claims to have obtained user API keys from the 3Commas database. The leak comes after 3Commas warned users of ‘phishing’ after widespread attacks. Meanwhile, Binance CEO Changpeng Zhao warned users about the issue.
API keys at 3Commas leaked?
An anonymous Twitter user claims to have seized around 100,000 API keys belonging to users of the crypto trading service 3Commas. The leaker unidentified released more than 10,000 such keys on Wednesday. It also said it will ‘randomly release’ the rest in the coming days.
The leak came after dozens of 3Commas users claimed their API keys were used to trade on exchanges like Binance, KuCoin, and Coinbase without their permission. 3Commas confirmed that as of October, users have lost at least $6 million to attackers. However, this amount has at least doubled in recent weeks, according to users who have made a statement.
As Kriptokoin.com, we do not provide any details regarding the fake Twitter account. Because if the leak is real, doing so will expose more sensitive private information. This is defined as a crime by the laws on the protection of personal data.
3Commas initially said the losses were due to phishing attacks. But over 50 of its users insisted that their credentials must have been leaked by an exchange like 3Commas, Binance or Coinbase. The leaked database, if real, is the clearest evidence that these users could be right that their credentials were leaked.
Warning for 3Commas leak from Binance CEO!
Binance CEO Changpeng Zhao (CZ) also stepped in regarding the leak. CZ shared on Wednesday afternoon that he thinks there are widespread API key leaks from 3Commas. It also warned users about this issue saying, “If you have put an API key on 3Commas (from any exchange), please deactivate it immediately”.
3Commas allows users to set up trading bots that automatically execute transactions on their behalf on crypto exchanges. These exchanges generate API keys. Thus, users add these keys to 3Commas to allow the app to access their account. The API keys in this week’s leak were created on Binance and KuCoin, according to the leaker.