3Commas Claims that None of Its Employees Stole API Keys
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
The cryptocurrency trading company 3Commas has debunked allegations that its staff stole consumers’ API keys and alleges that screenshots being circulated on social media are fake. Plus, the company has urged impacted users to contact the authorities or police to prevent the thieves from taking their money.
#Hacks #Phishing 3Commas denies staff members stole API keys https://t.co/U9L5nDqJ9P – https://t.co/HzksZFGgpd pic.twitter.com/cfBkqNobVw
— 🅳🆄🅼🅱🆆🅸🆁🅴 Crypto News 🔥🔥🔥 (@dumbwire) December 11, 2022
In a December 11 blog post, 3Commas co-founder and CEO Yuriy Sorokin claimed that false screenshots of Cloudflare logs were being shared on Twitter and YouTube in an attempt to convince people that 3Commas was risky.
There have been some false rumors shared by bad faith actors using falsified evidence to claim 3Commas leaked users’ API keys. These rumors were related to fake screenshots of Cloudflare logs that have been shared on Twitter and Youtube.
The full article: https://t.co/KVOF2BWlYn pic.twitter.com/qJ52CvnVg0— 3Commas (@3commas_io) December 11, 2022
The CEO of 3Commas, Yuriy Sorokin, has claimed in a post that screenshots of the Cloudflare logs being shared on Twitter and YouTube are fake:
“It was an attempt to persuade people that there had been a vulnerability in 3Commas and we had been irresponsible enough to enable open access to data about users and log files.”
Affected Users Must Report to the Police
Sorokin urged in another blog post on December 10th that impacted customers should submit a police report to have their exchange accounts frozen. After filing the police report, the exchanges will ban the fraudsters’ accounts to stop money from being withdrawn. This will increase the probability that some or all of the money will be returned to the victims. According to the company, if impacted users filed a police report, exchangers would be able to disclose information to law enforcement authorities.
Crypto trading firm also rejects claim that users' API keys were leaked and urges users to file a police report.#Blockchain #ethereum #crypto #blockchain #NFTs #btc #entrepreneur #eth #cryptocurrencies #nftcommunity #nftartist pic.twitter.com/cKFkeUAXL9
— Ruskin Felix (@ruskinfelix) December 12, 2022
CoinMamba, a cryptocurrency trader, was the first to notice a leak. He stated that 3Commas was the only company that had access to an API he had installed and provided with them years before.
According to Cointelegraph, a cryptocurrency trader with the Twitter handle CoinMamba had his Binance account deleted after complaining about lost funds. The stolen API key was linked to a 3Commas account. Binance and 3Commas both deny any participation in the matter.
Crypto exchange Binance has suspended user CoinMamba's account weeks after they lost funds through an API leak. Binance cited unspecified "threats" CoinMamba made to its customer service team in explaining the suspension.@helenebraunn reportshttps://t.co/q7MD9Z73xM
— CoinDesk (@CoinDesk) December 9, 2022
According to 3Commas, phishing attack evidence has been discovered as a “contributory element” in thefts. The company claims that hackers began phishing assaults in October and experimented with several methods.
Sorokin stated:
Also, we have hard evidence that phishing was at least in some part a contributory factor; we published a blog article here showing many fake 3Commas websites that were created and some are still live on the internet, despite our best efforts to have them taken down.”