News

Binance Warns About 3Commas API Leak, Says Users Should Disable Keys

single-image

Quick Take

  • Binance CEO Changpeng Zhao said he’s “reasonably sure” there were “wide spread API key leaks” from trading-bot platform 3Commas after fresh speculation emerged on social media Wednesday.
  • A 3Commas spokesperson said the company had seen a message from the hacker and confirmed the data in the posted files was real.

Binance CEO Changpeng Zhao said he’s “reasonably sure” there were “wide spread API key leaks” from trading-bot platform 3Commas after fresh speculation about an October incident emerged on social media on Wednesday.

Stay in the know on crypto by frequently visiting Crypto News Today

A 3Commas spokesperson confirmed the leak in a statement to The Block. 

“I strongly believe @tier10k is correct here,” he wrote on Twitter, referring to a post from a user that said an API leak had been published. “If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.” 

An investigation conducted by 3Commas and the now-collapsed FTX crypto exchange in October revealed that API keys had been used to conduct unauthorized trades for DMG trading pairs. The 3Commas team was alerted to the incident on Oct. 20, when FTX API keys connected to the platform were used to perform unauthorized trades.

3Commas said at the time that the API keys were not taken from the company and had probably been obtained from a third-party phishing attack or hack.

3Commas confirms leak

A 3Commas spokesperson on Wednesday said the company had seen a message from the hacker and confirmed the data in the posted files was real.

By signing-up you agree to our Terms of Service and Privacy Policy

“As an immediate action, we have asked that Binance, Kucoin and other supported exchanges revoke all of the keys that were connected to 3Commas,” the spokesperson said in an emailed response to questions from The Block. “We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation.”

The company said that it has not found proof of an “inside job.”

“Only a small number of technical employees had access to the infrastructure and we have taken action since November 16 to remove their access,” the spokesperson said. “Since then, we have implemented new security measures and will not stop there; we are launching a full investigation involving law enforcement.”CRYPTOCASTER® - DECENTRALIZED FREEDOM!
Read More at THEBLOCK


© 2022-2023 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.

Support CryptoCaster with any amount of Bitcoin by copying and pasting our Unstoppable Domain; villagewest.crypto in your sending wallet or crypto coin exchange.

Your contribution support will help in our growth, coverage, and global presence. CryptoCaster is a decentralized publisher “Covering a Global Evolution Re-defining Mediums Of Exchange”. We will continue to upgrade and create impactful sections to our lineup.
Any amount, as often as you can contribute will be greatly appreciated.
Every contribution, however big or small, is so valuable for our future. Thank you for your consideration and support!
Member of Global Meta Media Consortium℠www.g2mc.world

Leave a Comment

Your email address will not be published.

You may also like