Yuriy Sorokin, founder and CEO of trading bot platform 3Commas, has published an update on his investigation into API keys and trading platform attacks.
The report states that 3Commas collected information from affected users, but that the information showed each case was different, with nothing in common between them other than unauthorized trading activity. The report adds that a large number of high-net-worth individuals who used 3Commas were not affected, which it says indicates that the cause was not a vulnerability in 3Commas' system. In addition, 3Commas said that phishing was at least in part a contributing factor.
Going forward, 3Commas will continue to work with exchanges to provide more and more secure exchange connection options, such as Fast Connect; disable old and inactive trading API connections that are more than 90 days old; and contact individual exchanges to provide the public API keys of disabled connections so that they can be deleted on the exchange side to ensure user security. In addition, 3Commas recommends that all users review their trading API keys.
Previously, many users of Binance, OKX, FTX, and some other exchanges had experienced unauthorized transactions initiated via API keys.