3commas bots use these APIs to interact with crypto-rhms without a request for accounting data to automatically invest and trade on behalf of users. According to the hacker standing behind the drain, 10,000 keys are only 10% of what fell into his hands. The attacker plans to lay out the rest of the keys in the coming days.
3Commas experts studied the merged data and confirmed that they have real API-key APIs. The company calls for all exchanges, including Kucoin, Coinbase and Binance, to withdraw all the keys related to 3commas. Users are recommended to independently overcome their keys for all related exchanges and contact the 3commas support service to obtain recommendations on further action.
The company has already conducted an internal investigation to find out if the incident is connected with the work of the insider, but did not find any evidence of this.
“Only a small number of technical employees had access to infrastructure, and since November 19 we have taken measures to limit their access. Since then we have implemented new security measures, and we do not plan to dwell on this; we are starting a full -fledged investigation to which Law enforcement agencies will be involved, ”the company writes in its statement.
It is worth noting that the first reports of unauthorized transactions conducted through 3commas came from October this year, and in recent weeks have reached their peak. According to the users of the platform, in November they lost Cryptocurrency in the amount of about 6,000,000 dollars after leakage of their accounting data from 3commas.
All this time, representatives of the company denied the possibility of hacking and suggested that users became victims of phishing attacks or trojanized applications. However, after an ongoing stream of messages about unauthorized transactions using the API-key, the company burst into patience and it rolled out Report on the investigation, which stated that the specialists were not able to find any evidence of compromise 3commas systems. In a separate publications the company called the employees stole the user APIs and translate their cryptoactives for themselves .