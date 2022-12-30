Key Points:

The FBI is investigating 3Commas for a data security breach.

100,000 Binance and KuCoin API keys associated with 3Commas were leaked this week.

3Commas employees are suspected of being the culprit.

For the data breach that leaked information on 100,000 API keys on exchanges, the FBI is investigating 3Commas with the suspicion that the platform’s employees are the culprit.

Recently, a large-scale data leak from 3Commas caught the attention of the FBI. The unit has entered the investigation after weeks of criticism from users of the trading bot platform. The community expressed displeasure when the project CEO repeatedly ignored warnings about leaking customer data.

As mentioned in an earlier Coincu News article, 100,000 API keys on Binance and KuCoin associated with 3Commas have fallen into the hands of an anonymous person. On December 28, this person exposed more than 10,000 keys and threatened to post the rest in the coming days “at random.”

Over the past few months, dozens of users have discovered that 3Commas is trading coins without their consent on crypto exchanges to which they are affiliated. Initially, 3Commas said users were likely to be scammed and asserted that the platform was safe.

The API database leaker suggested that insiders of the company sold the 3Commas key, but CEO Yuriy Sorokin said in a statement yesterday that there is no evidence of “internal work.”

“Since becoming aware of the suspicious activities, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and notify law enforcement authorities accordingly,” Sorokin said in the statement.

Earlier, a group of victims with about 60 members contacted the US Secret Service and other agencies to clarify the amount of money lost. According to the leader of this group, the group’s loss is over $20 million.

As recommended by the CEO of Binance to users yesterday, if you ever set an API key on 3Commas from any exchange, turn it off immediately. The exchange recently applied a policy of deleting the API keys of users who stopped working for 30 days.

This is not the first time user data has been leaked in connection with the platform. Before that, the user suddenly discovered that his FTX account, with more than 5,000 transactions and $1.6 million in assets, had disappeared. The user’s 3COMMAS API was exposed, and all assets were stolen by trading small currency DMG pairs.