Forbes India Showstoppers 2022-23

Confirming CZ's claims, 3Commas confirms API keys leak but denies insider job

There were initial reports of security issues at 3Commas in late October when the FTX exchange issued a security alert about unauthorised trades on its platform

Shashank Bhardwaj
Published: Jan 2, 2023 03:37:08 PM IST

Confirming CZ's claims, 3Commas confirms API keys leak but denies insider jobImage: Shutterstock

The CEO of Binance, Changpeng Zhao (more commonly known as CZ), warned his Twitter followers that he believes there have been leaks of API keys on the cryptocurrency trade management platform 3Commas.

On December 9th, Binance cancelled the account of a user who reported losing funds and claimed that a leaked API key from 3Commas had been used to manipulate the prices of low market cap coins for profit.

Binance did not reimburse the user and Changpeng Zhao, the CEO, stated that the loss was not verifiable and that if the company compensated for such losses, it would essentially be similar to paying users to lose their own API keys.

On December 11th, the CEO of 3Commas, Yuriy Sorokin, published a blog post denying allegations that the company had poor security and that employees were stealing API keys. Sorokin claimed that fake screenshots were being circulated on social media platforms and provided a technical analysis refuting the authenticity of these images. 

Sorokin stated that the person who created the screenshots did a good job with HTML editing but made mistakes that proved their claims were fake.

There were initial reports of security issues at 3Commas in late October when the FTX exchange issued a security alert about unauthorised trades involving the DMG coin on its platform. 

It was later discovered that hackers had created 3Commas accounts to carry out these trades, but according to 3Commas, the API keys used were not obtained from within the 3Commas platform but rather from an external source.

In a later blog post, Yuriy Sorokin, the CEO of 3Commas, acknowledged that there is evidence that phishing was at least partially responsible for some user losses. Additionally, a Twitter user has claimed that all of 3Commas' API keys have been leaked.

At the time of writing, Yuriy Sorokin, the CEO of 3Commas, has confirmed that there has been a leak of API keys, but no evidence was found to suggest that the leak was an insider job.

Shashank is the founder of yMedia. He ventured into crypto in 2013 and is an ETH maximalist. Twitter: @bhardwajshash

Check out our Festive offers upto Rs.1000/- off website prices on subscriptions + Gift card worth Rs 500/- from Eatbetterco.com. Click here to know more.

Post Your Comment
Required
Required, will not be published
All comments are moderated
Photo of the day: Bite for prosperity
Jared Grey proposes new tokenomics for Sushi