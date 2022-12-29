After claiming for days that platform users had just fallen for phishing scams, 3Commas CEO finally admitted that compromised API keys were behind the loss of funds.

User API Keys Compromised

3Commas admitted that the platform was compromised on Wednesday after an anonymous Twitter user published around 100,000 API keys belonging to users. However, there has been word around the blockchain that the platform’s API database has been compromised for a while now. Just last week, there was news of crypto funds worth $22 million being siphoned away through these compromised API keys. Back then, the platform’s CEO claimed that the loss in funds happened due to the poor decisions taken by some users who fell for phishing scams. However, dozens of users had claimed that their API keys were used to execute trades on exchanges like Binance, KuCoin, and Coinbase without their consent.

Not An Inside Job

With the confirmation of the API database compromise, however, CEO Yuriy Sorokin has been forced to eat his words and admit the real problem with the platform. On Wednesday, he tweeted,

“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”

Sorokin also revealed that the team has been investigating the possibility of an inside job, owing to the nature of the hack; however, no such evidence was discovered. The inside job was suspected since a very small number of technical employees had access to the infrastructure. Sorokin claimed that their access had been removed since November 19.

3Commas Failed To Prevent API Compromise

The 3Commas platform allows users to link more than one account held in different crypto exchanges to automated trading software via application programming interfaces or APIs. However, if unwanted parties get hold of these API keys, then they can control all of the linked accounts and drain funds, which is exactly what happened in this situation.

Sorokin spoke about focusing on implementing tighter security measures to prevent a repeat of this incident. He tweeted,

“Since then, we have implemented new security measures and will not stop there; we are launching a full investigation involving law enforcement. We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation.”