Last week, Several traders claimed that their crypto worth $22 million got stolen due to compromised API keys from 3Commas, a trading platform. Yesterday, 3Commas co-founder Yuriy Sorokin admitted that the firm was the source of that API leak.

Sorokin’s announcement came after an undisclosed Twitter user accessed over 90,000 API keys of 3Commas users and released them online. Initially, the trading platform had insisted that were no security concerns on its side and suggested on its Twitter handle that a phishing attack led users to give up their data.

3Commas allows users to link several crypto exchange accounts to automated trading software through application programming interfaces (APIs). These APIs facilitate communication between different software components and enable them to perform tasks. For the 3Commas case, users can trade instantly and automatically via a code.

3Commas Accused of not Taking Responsibility for the API Leak

APIs are considered game-changers until the wrong people obtain them. In a recent incident, a Blockchain analyst and Twitter user (@ZachXBT) tweeted that he had verified over 44 victims who lost a collective of $15 million through API keys hijacked from 3Commas.

Sorokin responded to the tweet by saying that not all keys got leaked from 3Commas, as they are several browser extensions and malware out here. Furthermore, he questioned how ZachXBT verified the information, alleging that most users claiming to have lost funds did not even bother opening a support ticket with the trading platform or going to the police.

Another Twitter user (@CoinMamba) accused 3Commas of blaming users instead of taking responsibility and ensuring no more exploits. It is not the first time the trading platform has been scrutinized for its API handling. Before FTX collapsed, its then-CEO Sam Bankman-Fried pledged to refund $5 million to customers affected by a phishing attack involving 3Commas.

3Commas API Keys Set to be Revoked by Exchanges

Yesterday, Changpeng Zhao, the Binance CEO, tweeted that he was certain there were extensive API key leaks from 3Commas. In addition, Zhao urged users to disable their API keys in the trading platform. A few hours later, 3Commas recommended a similar action, asking all supported exchanges to revoke keys connected to the platform.

James Davis

By James Davis

James Davis is a prominent crypto writer and analyst at Herald Sheets, recognized for his well-researched articles and thorough analysis of the dynamic digital currency market. Holding a degree in Economics from Harvard University, James combines his academic background with a keen interest in cryptocurrency to provide readers with the latest industry insights and trends.