Binance warns about 3Commas API leak, says users should disable keys

Quick Take

  • Binance CEO Changpeng Zhao said he’s “reasonably sure” there were “wide spread API key leaks” from trading-bot platform 3Commas after fresh speculation emerged on social media Wednesday.
  • A 3Commas spokesperson said the company had seen a message from the hacker and confirmed the data in the posted files was real.

Binance CEO Changpeng Zhao said he's "reasonably sure" there were "wide spread API key leaks" from trading-bot platform 3Commas after fresh speculation about an October incident emerged on social media on Wednesday.

A 3Commas spokesperson confirmed the leak in a statement to The Block. 

"I strongly believe @tier10k is correct here," Zhao wrote on Twitter, referring to a post from a user that said an API leak had been published. "If you have ever put an API key in 3Commas (from any exchange), please disable it immediately."

An investigation conducted by 3Commas and the now-collapsed FTX crypto exchange in October revealed that API keys had been used to conduct unauthorized trades for DMG trading pairs. The 3Commas team was alerted to the incident on Oct. 20, when FTX API keys connected to the platform were used to perform unauthorized trades.

3Commas said at the time that the API keys were not taken from the company and had probably been obtained from a third-party phishing attack or hack.

3Commas confirms leak

A 3Commas spokesperson on Wednesday said the company had seen a message from the hacker and confirmed the data in the posted files was real.

"As an immediate action, we have asked that Binance, Kucoin and other supported exchanges revoke all of the keys that were connected to 3Commas," the spokesperson said in an emailed response to questions from The Block. "We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation."

The company said that it has not found proof of an "inside job."

"Only a small number of technical employees had access to the infrastructure and we have taken action since November 16 to remove their access," the spokesperson said. "Since then, we have implemented new security measures and will not stop there; we are launching a full investigation involving law enforcement."

© 2023 The Block Crypto, Inc. All Rights Reserved.