{"id":71306,"date":"2022-12-12T11:09:53","date_gmt":"2022-12-12T09:09:53","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=71306"},"modified":"2025-09-08T07:55:08","modified_gmt":"2025-09-08T04:55:08","slug":"3commas-denies-leak-of-users-api-keys","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/3commas-denies-leak-of-users-api-keys\/","title":{"rendered":"3Commas denies leak of users\u2019 API keys"},"content":{"rendered":"<p>The algorithmic trading platform for cryptocurrencies 3Commas has denied that employees stole users&#8217; <span data-descr=\"Application Programming Interface \u2014 application programming interface\" class=\"old_tooltip\">API<\/span>-keys, and described the information circulating on social media as a targeted attack.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">There have been some false rumors shared by bad faith actors using falsified evidence to claim 3Commas leaked users\u2019 API keys. These rumors were related to fake screenshots of Cloudflare logs that have been shared on Twitter and Youtube.<br \/>The full article: <a href=\"https:\/\/t.co\/KVOF2BWlYn\">https:\/\/t.co\/KVOF2BWlYn<\/a> <a href=\"https:\/\/t.co\/qJ52CvnVg0\">pic.twitter.com\/qJ52CvnVg0<\/a><\/p>\n<p>\u2014 3Commas (@3commas_io) <a href=\"https:\/\/twitter.com\/3commas_io\/status\/1602024943708999682?ref_src=twsrc%5Etfw\">December 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Founder and CEO Yuri Sorokin said that the accusations circulated on Twitter and YouTube about the team leaking keys are based on fakes. According to him, the person who allegedly produced the screenshots confirming the theft made &#8220;several key mistakes&#8221;.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">3commas <a href=\"https:\/\/twitter.com\/CoinDesk?ref_src=twsrc%5Etfw\">@CoinDesk<\/a> <a href=\"https:\/\/twitter.com\/CryptoAmb?ref_src=twsrc%5Etfw\">@CryptoAmb<\/a> <a href=\"https:\/\/twitter.com\/SShillsalot?ref_src=twsrc%5Etfw\">@SShillsalot<\/a> <a href=\"https:\/\/twitter.com\/coinmamba?ref_src=twsrc%5Etfw\">@coinmamba<\/a> <a href=\"https:\/\/twitter.com\/Shaifing?ref_src=twsrc%5Etfw\">@Shaifing<\/a> <\/p>\n<p>3commas employees are stealing the API keys<br \/>I attached the screenshots from the Cloudflare that shows 3commas dashboard and how API keys are exposed there.<\/p>\n<p>Please Check this report <a href=\"https:\/\/t.co\/SOX8Nsz1Zw\">https:\/\/t.co\/SOX8Nsz1Zw<\/a> <a href=\"https:\/\/t.co\/cPFbqNbxbZ\">pic.twitter.com\/cPFbqNbxbZ<\/a><\/p>\n<p>\u2014 Angela Rueda (@AngelaR35190738) <a href=\"https:\/\/twitter.com\/AngelaR35190738\/status\/1601808303234883585?ref_src=twsrc%5Etfw\">December 11, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Sorokin noted that the posted images purportedly show Instant Log pages in the Cloudflare dashboard. This would allow viewing the logs for one\u2019s site.<\/p>\n<p>However, the head of 3Commas pointed to a number of inconsistencies:<\/p>\n<ul class=\"wp-block-list\">\n<li>the screenshots show the date November 2, but Cloudflare&#8217;s support team confirmed that no one from the platform&#8217;s staff requested the feature on that day, or in the last 12 months;<\/li>\n<li>3Commas uses a corporate version of the service, so the default navigation menu should contain more items;<\/li>\n<li>the logs in the images do not correspond to the types of requests.<\/li>\n<\/ul>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>As the main takeaway, we see that the attackers put considerable effort into creating fake pictures. This is an unprecedented information attack. But it would be nonsensical to take seriously any \u201csecurity-service reports\u201d that rely on such \u201cevidence,\u201d Sorokin emphasized.<\/p>\n<\/blockquote>\n<p>Earlier, he described the conclusions the platform&#8217;s team reached during the investigation into the incident involving <a href=\"https:\/\/forklog.com\/en\/news\/3commas-and-ftx-report-compromise-of-several-users-api-keys\">the compromise of API keys<\/a> of users of several exchanges, including FTX and Binance.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\"><a href=\"https:\/\/twitter.com\/3commas_io?ref_src=twsrc%5Etfw\">@3commas_io<\/a> public statement regarding API keys issues. We decided to go into detail and tell you what we actually did. A lot of fake and nonsense info is being pushed by some low-level Twitter users, be careful with that.<a href=\"https:\/\/t.co\/ZFva6dNZzO\">https:\/\/t.co\/ZFva6dNZzO<\/a><\/p>\n<p>\u2014 Yuriy Sorokin (@YS_3Commas) <a href=\"https:\/\/twitter.com\/YS_3Commas\/status\/1601653917028614144?ref_src=twsrc%5Etfw\">December 10, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Sorokin confirmed that there was no data leak from the platform \u2014 the attackers obtained the necessary information via phishing. The operation involved numerous IP addresses from Russia. Some affected users had never interacted with 3Commas, he noted.<\/p>\n<p>The founder urged victims to contact law enforcement authorities immediately, as this would help freeze the stolen funds.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>We strongly recommend that affected users get in touch with the exchange where unauthorized transactions occurred and request details about the malicious accounts so that they can pass as much information as possible to law enforcement, added Sorokin.<\/p>\n<\/blockquote>\n<p>As previously reported, the co-founder and former CEO of FTX, Sam Bankman-Fried <a href=\"https:\/\/forklog.com\/en\/news\/ftx-chief-assesses-damage-from-api-key-compromise-and-reaches-out-to-hackers\">estimated the damage<\/a> to users of the exchange at more than $6 million.<\/p>\n<p>Read ForkLog&#8217;s bitcoin-news on our <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">Telegram<\/a> \u2014 crypto news, rates and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The algorithmic trading platform for cryptocurrencies 3Commas has denied that employees stole users&#8217; API keys and described the information circulating on social media as a targeted attack.<\/p>\n","protected":false},"author":1,"featured_media":71307,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[2313,1154],"class_list":["post-71306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-3commas-io","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/71306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=71306"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/71306\/revisions"}],"predecessor-version":[{"id":71308,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/71306\/revisions\/71308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/71307"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=71306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=71306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=71306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}