[ad_1]
- Binance, KuCoin and other exchanges where users accessed 3Commas are targeted by a database leak.
- Users of the trading bot generated and shared API keys with their 3Commas account to allow trading, exploiters reveal that several keys are still active.
- 3Commas launched a full investigation involving law enforcement and implemented new security measures to protect users.
Binance, KuCoin and other cryptocurrency trading platforms where users granted access to trading bot 3Commas through API keys are hit by an exploit. The hacker has shared select keys from a 100,000 API key database of which most accounts are still active. The team behind the algorithmic trading bot acknowledged the hack and assured traders that new security measures are in place.
Also read: Binance CEO Changpeng Zhao believes external factors are driving fear among BNB holders
Binance, KuCoin users of 3Commas hit by sensitive information leak
Binance, one of the largest crypto exchanges by trade volume and Seychelles-based trading platform KuCoin users are hit by an API key leak. API is short for Application Programming Interface, a set of rules describing how two applications interact with each other. In crypto trading, an API grants access to the real-time market data, trades and manages the user’s account.
Traders on exchanges like Binance and KuCoin accessed the 3Commas trading bot and shared API keys for auto-execution of trades. The team behind the algorithmic trading platform has confirmed the leak and asked users to revoke access for 3Commas.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
Yuriy Sorokin, CEO and founder of 3Commas.io assured users that the API key leak was not an inside job. An anonymous Twitter user shared a few API keys from a database of 100,000 of which many are still active. Zach XBT, a crypto influencer shared screenshots of his conversation with the exploiter in a recent tweet.
1/ Six hours ago an account messaged me and sent over a db with api keys of 3Commas users. I began working to verify its validity and quickly shared the info with exchanges. pic.twitter.com/MBKatUyzBE
— ZachXBT (@zachxbt) December 28, 2022
3Commas is cooperating with law enforcement to identify the bad actor
After confirming that the 3Commas leak was not an inside job, the team behind the trading bot is working with law enforcement to identify the bad actor behind the incident. In the meanwhile the platform’s CEO recommends users revoke access granted to third-party firms for algorithmic trading through bots.
Crypto influencers raised red flags with details of a potential API key leak constantly for weeks while the founder and the 3Commas team denied it. This is the first instance where the platform has acknowledged the exploit and shared details with users.
[ad_2]
Source link
