The CEO of 3Commas acknowledges an API key breach after a CZ alert
Earlier this month, the CEO of Binance was not responsive to accusations of losses caused by a 3Commas API key leak; he now suggests deactivating 3Commas API keys.
The CEO of Binance, Changpeng Zhao (CZ), informed his 8 million Twitter followers on December 28 that he is “quite certain” API key breaches are occurring on the cryptocurrency trading site.
The revelation by CZ followed an event on December 9, in which Binance terminated the account of a user who had complained of losing cash the previous day. This user stated that a compromised API key associated with 3Commas was used “to execute transactions on low cap coins in order to benefit from price increases.” Binance denied the user’s reimbursement request. CZ stated that the loss was speculative and that, if the firm compensated for such losses, “we would be paying for consumers to lose their API credentials.”
On the 11th of December, 3Commas CEO Yuriy Sorokin stated on the business’s blog that bogus screenshots were circulating on Twitter and YouTube, purporting to show that the company had insufficient security and that workers were obtaining API credentials. Sorokin refuted the charges via a comprehensive technical investigation of the pictures.
“The individual who developed the screenshots did a good job using an HTML editor, but they made a few crucial errors that reveal their assertions are false. We’ll go through each one in detail.”
Security vulnerabilities first appeared at 3Commas in late October. At that time, the still-operational FTX exchange issued a security warning in response to user claims of improper transactions involving DMG coin trading pairs. 3Commas and FTX found that the compromised accounts were established by hackers. Nevertheless, according to the 3Commas blog, “the API keys were not obtained from the 3Commas platform but rather from outside of it.”
Sorokin confirmed in a later blog post that “we have concrete proof that phishing was at least partially responsible” for user losses.
A Twitter user has since claimed that all of 3Commas’ API keys have been compromised. Now, Sorokin has verified the leak and said that no evidence of an inside job was uncovered.