FBI probes 3Commas API-key leak, reports say

US authorities have opened an investigation into the leak of API keys belonging to users of the algorithmic-trading platform for digital assets, 3Commas. CoinDesk reports this.

According to the publication, representatives from the office of the FBI in Cincinnati have contacted at least two clients of the service.

obtained around 100,000 API keys, linked to major exchanges such as Binance and KuCoin. The hacker claimed that the user data was sold to him by a platform employee.

3Commas Statement:

1) We have seen the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have requested that Binance, Kucoin and other supported exchanges revoke all keys that were connected to 3Commas. pic.twitter.com/ZMuzCqeF1j

— 3Commas (@3commas_io) December 28, 2022

«3Commas подчеркивает, что в ходе внутреннего расследования не обнаружено никаких доказательств того, что кто-либо из сотрудников 3Commas каким-либо образом причастен к атакам на данные API», — заявил соучредитель и CEO компании Юрий Сорокин.

По его словам, наиболее вероятным вектором атаки являются фишинг или внедрение вредоносного кода в ПО платформы. Собственное расследование не выявило «компрометации кода или нарушений систем безопасности», подчеркнул Сорокин.

detected as early as October. The attackers used the access to carry out unauthorized trades in users’ accounts.

Victims formed a group numbering about 60 people, according to CoinDesk. Earlier they contacted the U.S. Secret Service and other law enforcement agencies to determine where their funds went. The group’s leader, Edmundo Peña, valued total losses at no less than $20 million.

Earlier, after the October attack, FTX founder Sam Bankman-Fried urged the hackers to voluntarily return 95% of the stolen funds to exchange users. Their losses exceeded $6 million.

Follow ForkLog’s Bitcoin news on our Telegram — crypto news, rates and analytics.