The Federal Bureau of Investigation (FBI) has launched an investigation into the hacking incident targeting the Estonian crypto trading platform 3Commas.
The hack occurred in early December 2022, during which the attacker gained access to the trading service’s systems via its Application Programming Interface (API). How the platform’s systems were compromised and accessed is still unknown.
Reportedly, 3Commas discovered the hack on December 10th, 2022, and launched an investigation to determine the scale of the damage and identify the perpetrators. The FBI was duly notified. Two service users were contacted by the bureau’s Cincinnati Field Office on Thursday in connection with the incident.
A Case of Missed Alarm?
In a blog post published December 11th, 2022, the 3Commas CEO dismissed the claims from the hackers, labelling them “Bad faith actors” who are “making accusations using falsified evidence.”
Additionally, within the past few months, many 3Commas users discovered their funds were traded on different crypto exchanges they had linked to their accounts without their consent.
According to CoinDesk, one of the affected groups, comprising sixty members, contacted the US Secret Service and other agencies to report their missing funds. As per the group’s leader, Edmundo Pena, the losses amounted to over $20 million. However, the platform claimed these users had been targeted by a phishing attack and that there wasn’t anything wrong with the service.
3Commas’ API data was the key target in this breach. An initial probe suggested that an anonymous entity leaked around 100,000 Binance and KuCoin API keys held by 3Commas.
The leaked data includes usernames, hashed passwords, and email addresses, but it is unclear whether cryptocurrency assets were stolen or financial information was accessed during the breach. According to the person who leaked the API database, the 3Commas keys were sold by an insider.
“PSA: 3Commas API leak has been published, if you haven't already REMOVE YOUR API KEY pic.twitter.com/yEvrxyWBIq” – db (@tier10k), December 28, 2022
However, 3Commas CEO Yuriy Sorokin stated that there was no evidence to suggest that any of the company’s employees were involved in the attack. While the investigation is underway, 3Commas has urged users to protect their private and financial data and to change their passwords.
Furthermore, users should enable two-factor authentication (2FA) and monitor their accounts for any unusual activity. Binance CEO Changpeng Zhao, aka CZ, suggested that users disable their 3Commas API keys because of the leaks.
“I am reasonably sure there are widespread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately.” – CZ 🔶 Binance (@cz_binance), December 28, 2022
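The advice above boils down to an inventory question: which of your exchange API keys were ever pasted into the affected service, and what could a copy of each one do? The following script is an added example, not code from the article, from 3Commas, or from any exchange. It audits a constructed list of API key records and flags the ones that should be revoked outright (delegated to a service that reported a leak), plus weaker hygiene findings that apply generally: withdrawal permission on a delegated key, no IP allowlist, and long-unused keys. The record fields, the sample keys, the hypothetical "tracker-app" service and the 90-day staleness threshold are all assumptions; no exchange export format is being reproduced.

```python
"""Audit a personal inventory of exchange API keys after a third-party leak."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Assumed record layout; real exchanges expose key metadata in their own formats.
@dataclass(frozen=True)
class ApiKeyRecord:
    exchange: str
    label: str                     # free-text label the owner gave the key
    delegated_to: Optional[str]    # third-party service the key was pasted into, if any
    can_trade: bool
    can_withdraw: bool
    ip_allowlist: Tuple[str, ...]  # empty tuple means the key works from any IP
    last_used: Optional[date]

STALE_AFTER_DAYS = 90  # assumption: keys idle longer than this are candidates for deletion

# Services that have announced or been credibly reported to have leaked stored keys.
# Only 3Commas is named in the article; compare case-insensitively.
LEAKED_SERVICES: Set[str] = {"3commas"}

def risk_findings(rec: ApiKeyRecord, leaked_services: Set[str], today: date) -> List[str]:
    """Return human-readable findings for one key; an empty list means no action."""
    findings: List[str] = []
    if rec.delegated_to and rec.delegated_to.lower() in leaked_services:
        findings.append("REVOKE: key was shared with a service that reported a leak")
    if rec.delegated_to and rec.can_withdraw:
        findings.append("withdrawal permission enabled on a key delegated to a third party")
    if not rec.ip_allowlist:
        findings.append("no IP allowlist; a copied key can be used from anywhere")
    if rec.last_used is None or (today - rec.last_used).days > STALE_AFTER_DAYS:
        findings.append(f"unused for more than {STALE_AFTER_DAYS} days; delete if not needed")
    return findings

def audit_keys(records: List[ApiKeyRecord], leaked_services: Set[str],
               today: date) -> Dict[str, List[str]]:
    """Map 'Exchange/label' to its findings for every key in the inventory."""
    return {f"{r.exchange}/{r.label}": risk_findings(r, leaked_services, today)
            for r in records}

def keys_to_revoke(records: List[ApiKeyRecord], leaked_services: Set[str],
                   today: date) -> List[str]:
    """Keys with at least one REVOKE finding, sorted for stable output."""
    report = audit_keys(records, leaked_services, today)
    return sorted(k for k, fs in report.items() if any(f.startswith("REVOKE") for f in fs))

# Constructed sample inventory (no real keys or accounts). IPs are documentation ranges.
AUDIT_DATE = date(2022, 12, 28)
SAMPLE_KEYS: List[ApiKeyRecord] = [
    ApiKeyRecord("Binance", "bot-main", "3Commas", True, False, (), date(2022, 12, 27)),
    ApiKeyRecord("KuCoin", "bot-alt", "3Commas", True, True, ("203.0.113.10",), date(2022, 12, 20)),
    ApiKeyRecord("Binance", "portfolio-tracker", "tracker-app", False, False,
                 ("198.51.100.7",), date(2022, 12, 1)),
    ApiKeyRecord("Binance", "old-script", None, True, False, (), date(2022, 6, 1)),
]

if __name__ == "__main__":
    for key, findings in audit_keys(SAMPLE_KEYS, LEAKED_SERVICES, AUDIT_DATE).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{key}: {status}")
    print("Revoke now:", keys_to_revoke(SAMPLE_KEYS, LEAKED_SERVICES, AUDIT_DATE))
```

On the sample data both keys delegated to 3Commas come back as revoke-now regardless of their other settings, which mirrors the "disable it immediately" advice: once a third party has held the key, its permissions and allowlist only limit the damage, they do not make the key safe to keep.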