Crypto trading company 3Commas rejected speculation that its employees stole and leaked the API keys to users’ accounts. In its response to the latest saga of leaked API keys, 3Commas dismissed the allegations, indicating that the screenshots shared via Twitter and YouTube originated from bad actors.
Non-Existent Breach of 3Commas System
3Commas termed the screenshots as falsified evidence targeted at attaching exchanges. The company statement on December 11 regretted that the falsified screenshots of Cloudflare logs aimed to convince the crypto community of an existing vulnerability in 3Commas. Further, the statement dismissed the fake screenshots as attempts to portray 3Commas as an irresponsible entity allowing open access to confidential users’ data and log files.
3Commas chief executive Yuriy Sorokin urged the affected users to file complaints with law enforcement officers. He added that affected users should immediately contact the exchange and ensure accounts are frozen to avert theft of funds.
Sorokin had earlier challenged the victims on December 10 to act swiftly in freezing their accounts to increase the possibility of returning the funds. The company noted that victims should produce a police report that the exchange will share with the investigators.
Potential Phishing Attacks
The latest episode of API key theft surfaced when a crypto trader identified as CoinMamba on Twitter protested the closure of his Binance account. He alleged losing funds after an API key linked to his 3Commas account leaked. However, 3Commas echoed Binance’s stance in denying responsibility for the incident.
3Commas reaffirmed the safety of its system and identified phishing attacks as the contributory factor to such thefts. Sorokin admitted the company detected the phishing attacks in October, when 3Commas warned of fake websites set up by bad actors. The 3Commas co-founder lamented that some fake websites still exist despite the firm’s efforts to have them taken down.
Proof of Falsified Evidence
The internal investigation of the screenshots alleging that staff stole the API keys confirmed they were falsified evidence. Sorokin indicated that an HTML editor was used to create the falsified evidence suggesting that 3Commas systems were breached.
3Commas investigators confirmed with Cloudflare that the company has not activated instant logs in the past year, thereby dismissing the alleged November 2 logs. The investigators also indicated that the Cloudflare account ID, which would prove the dashboard belonged to 3Commas, was blurred out, and that the names and navigation menu did not match. Besides, 3Commas confirmed utilizing the Cloudflare enterprise version, whose default features include Logs and Edge Reachability.
The company assured its 120,000 active traders of transparency in discerning fake evidence circulated by bad actors. The statement indicated the company would also disable exchange API connections exceeding three months.