On Dec. 28, an anonymous Twitter user published over 100,000 API keys allegedly obtained from 3Commas. The API keys are linked to top crypto exchanges, including Binance, Coibnase, and KuCoin. 3Commas users have demanded an apology from the platform CEO for gaslighting them.
Over two months of slow poisoning
Although the news just broke yesterday among the greater public, 3Commas users have been experiencing a loss of funds for over two months now. One user says he lost over $400,000 and is looking forward to getting compensation.
On Nov. 14, Binance’s Changpeng Zhao posted a Tweet warning API users from Skyrex and 3Commas of unusual trading activity from their accounts. He advised them to delete their API keys for security purposes.
Fast forward to Dec. 28, Yuriy Sorokin, founder of 3Commas, admitted to the data breach and addressed his customers on Twitter. He confirmed that after deep internal investigations, there was no evidence of an inside job. Users are not buying it, though. Sorokin also briefly apologised in the same Twitter thread and confirmed that they involve law enforcement in the investigations. He, however, did not specify whether it was the FBI.
Users are now crying for refunds. One particular group of 60 affected 3Commas customers lost a total of over $20 million between them. The hefty loss led them to seek the help of the United States Secret Service’s help to find out where the money went. This sheds light on the size of this hack. If 60 people lost $20 million, how about the remaining ~99,940 users?
Some users are still in the dark two months after the official communication on the issue.
