3Commas denies staff members stole API keys


Crypto trading firm 3Commas denied that its employees stole user API keys, claiming that screenshots circulating on social media are fake and urging affected users to file a police report to stop withdrawals on exchanges.

In a blog post published on December 11, 3Commas co-founder and CEO Yuriy Sorokin said that fake screenshots of Cloudflare logs are circulating on Twitter and YouTube "in an attempt to convince people that there was a vulnerability within 3Commas and that we were irresponsible enough to allow open access to the data of the users and log files". The alleged screenshots purport to show how client API keys were exposed in the 3Commas control panel on Cloudflare.

A second Sorokin blog post from Dec. 10 encourages affected users to file a police report to freeze accounts on exchanges. "The faster this is done, the faster exchanges can freeze perpetrators' accounts to prevent funds from being withdrawn and increase the likelihood that some or all of the funds will be returned to victims."

As most crypto exchanges follow know-your-customer (KYC) standards, users are required to provide identity details in order to trade or withdraw funds. If affected users provide a police report, exchanges can share this information with investigators, the company noted.

As reported by Cointelegraph, a cryptocurrency trader known as CoinMamba on Twitter closed his account on the Binance platform after he complained about the loss of funds. The leaked API key is linked to a 3Commas account. Both companies, Binance and 3Commas, deny any responsibility for the incident.

3Commas claims to have identified evidence of phishing attacks as a "contributing factor" to the thefts. According to the company, the phishing attacks began in October, with bad actors trying different phishing techniques. Sorokin stated:

"Furthermore, we have strong evidence that phishing was, at least in part, a contributing factor; we posted a blog article here showing many fake 3Commas websites that were created and some are still active on the Internet, despite our best efforts to remove them."

The company is disabling Exchange API connections that are older than 90 days.