The crypto trading business also denies that customers’ API keys were compromised and encourages them to submit a police complaint.
3Commas, a cryptocurrency trading service, has disputed that its staff stole consumers’ API keys, alleging that pictures circulating on social media are phony and asking impacted users to file police complaints to prevent the culprits from taking their assets.
3Commas co-founder and CEO Yuriy Sorokin stated in a blog post published on December 11 that fake screenshots of Cloudflare logs are circulating on Twitter and YouTube “in an attempt to convince people that there was a vulnerability within 3Commas and that we were irresponsible enough to allow open access to user data and log files.” The purported images are intended to demonstrate how customers’ API keys were exposed on the 3Commas dashboard on Cloudflare.
On December 10, Sorokin recommended impacted individuals to submit a police complaint in order to have their exchange accounts frozen. “The sooner this is done, the sooner exchanges may block the criminals’ accounts to prevent cash from being taken and improve the probability that some, or all, of the monies will be restored to victims.”
Because the majority of cryptocurrency exchanges adhere to Know Your Customer regulations, customers must give identifying information in order to trade or withdraw cash. According to the business, if impacted users submitted a police complaint, exchangers would be able to share this information with investigators.
According to Cointelegraph, a crypto trader known on Twitter as CoinMamba had his Binance account deleted after complaining about lost assets. The compromised API key was linked to a 3Commas account. Binance and 3Commas both deny any involvement in the affair.
According to 3Commas, proof of phishing attempts is a “contributory element” in thefts. According to the firm, the phishing assaults began in October, with bad actors experimenting with various approaches. “Also, we have strong proof that phishing was at least in part a contributing role; we published a blog piece here revealing several phony 3Commas websites that were established, and some of them are still online on the internet, despite our best attempts to get them taken down,” Sorokin said.
The corporation disables Exchange API connections older than 90 days.