3Commas denies leak of users’ API keys

The algorithmic trading platform for cryptocurrencies 3Commas has denied that employees stole users’ API-keys, and described the information circulating on social media as a targeted attack.

There have been some false rumors shared by bad faith actors using falsified evidence to claim 3Commas leaked users’ API keys. These rumors were related to fake screenshots of Cloudflare logs that have been shared on Twitter and Youtube.
The full article: https://t.co/KVOF2BWlYn pic.twitter.com/qJ52CvnVg0

— 3Commas (@3commas_io) December 11, 2022

Founder and CEO Yuri Sorokin said that the accusations circulated on Twitter and YouTube about the team leaking keys are based on fakes. According to him, the person who allegedly produced the screenshots confirming the theft made “several key mistakes”.

3commas @CoinDesk @CryptoAmb @SShillsalot @coinmamba @Shaifing

3commas employees are stealing the API keys
I attached the screenshots from the Cloudflare that shows 3commas dashboard and how API keys are exposed there.

Please Check this report https://t.co/SOX8Nsz1Zw pic.twitter.com/cPFbqNbxbZ

— Angela Rueda (@AngelaR35190738) December 11, 2022

Sorokin noted that the posted images purportedly show Instant Log pages in the Cloudflare dashboard. This would allow viewing the logs for one’s site.

However, the head of 3Commas pointed to a number of inconsistencies:

• the screenshots show the date November 2, but Cloudflare’s support team confirmed that no one from the platform’s staff requested the feature on that day, or in the last 12 months;
• 3Commas uses a corporate version of the service, so the default navigation menu should contain more items;
• the logs in the images do not correspond to the types of requests.

As the main takeaway, we see that the attackers put considerable effort into creating fake pictures. This is an unprecedented information attack. But it would be nonsensical to take seriously any “security-service reports” that rely on such “evidence,” Sorokin emphasized.

Earlier, he described the conclusions the platform’s team reached during the investigation into the incident involving the compromise of API keys of users of several exchanges, including FTX and Binance.

@3commas_io public statement regarding API keys issues. We decided to go into detail and tell you what we actually did. A lot of fake and nonsense info is being pushed by some low-level Twitter users, be careful with that.https://t.co/ZFva6dNZzO

— Yuriy Sorokin (@YS_3Commas) December 10, 2022

Sorokin confirmed that there was no data leak from the platform — the attackers obtained the necessary information via phishing. The operation involved numerous IP addresses from Russia. Some affected users had never interacted with 3Commas, he noted.

The founder urged victims to contact law enforcement authorities immediately, as this would help freeze the stolen funds.

We strongly recommend that affected users get in touch with the exchange where unauthorized transactions occurred and request details about the malicious accounts so that they can pass as much information as possible to law enforcement, added Sorokin.

As previously reported, the co-founder and former CEO of FTX, Sam Bankman-Fried estimated the damage to users of the exchange at more than $6 million.

Read ForkLog’s bitcoin-news on our Telegram — crypto news, rates and analysis.