3Commas data leak confirmed; hackers threaten to publish over 100k leaked API keys

News Report Business

In Brief

More than 100,000 API keys have been leaked from 3Commas.

The company confirms the leaked data is legitimate and contacts exchanges to revoke keys connected to 3Commas.

The Trust Project is a worldwide group of news organizations working to establish transparency standards.

3Commas data leak

3Commas customers are facing a data leak, and thousands of API keys may be published online in the coming days.

Earlier today, Twitter user and on-chain sleuth ZachXBT looked into the 3Commas data leak. Hackers have access to a database containing more than 100k API keys, and they are planning to publish the database online in the coming days.

Since the severity of the situation became known, the FBI has begun an investigation into the data leak. CoinDesk reports that agents from the FBI’s Cincinnati Field Office have contacted two 3Commas users in relation to the leak.  

3Commas is a company promising to “revolutioniz[e] how people invest and trade.” It offers crypto trading bots for major cryptocurrency exchanges, including Binance, Coinbase KuCoin, and Crypto.com. However, there has been some talk that the platform is not as secure as it promises. Earlier this month, 3Commas users started reporting “unauthorized trades on their CEX accounts.” However, the company denied any wrongdoing and blamed phishing for customers losing their funds. As of December 20, at least $14.8 million in total was stolen from 44 people.

According to the messaging from the person or people who have access to the database, the leak is not caused by a bug or exploit, but 3Commas is allegedly responsible for it. They claim 3Commas “sold your information to the biggest bidder.”

“Here is some copies of Binance and KuCoin – trade apis provided by 3commas staff we have the whole database we will be leaking it when we are done filtering your personal informations, so people don’t get doxed, we will only release the api keys,”

hackers wrote.

Both ZachXBT and later 3Commas confirmed that at least some of the API keys are legitimate; some have already been used to access people’s funds. Victims have confirmed their API keys were on the list. According to the hackers, it could have been worse already, as they reportedly have “access to over a billion dollars on APIs.” The hackers claim they “didn’t use them [and] wanted just to teach everybody a low lesson, not a hard one.”

3Commas has finally acknowledged the leak took place, but it denies any wrongdoings or possibility the hack was “an inside job,” claiming no evidence was found. According to the statement made by 3Commas, a “small number of technical employees had access to the infrastructure,” and the company has taken steps to remove their access.

“We have seen the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have requested that Binance, Kucoin and other supported exchanges revoke all keys that were connected to 3Commas,” 3Commas tweeted earlier today.

Whether it is too little, too late remains to be seen as more 3Commas customers are facing possible data leaks. The hackers are raising one important issue, though: Are your crypto assets really safe? Luna crash, 3AC crash, and Alameda Research and FTX crash are just some of the major events that have shaken the crypto space this year alone.

Related posts:


Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.

Karolina Gaszcz

Karolina is a writer and journalist with a background in literary studies. She loves exciting tech solutions and art, and NFTs are often a perfect amalgamation of the two. Outside of work, she’s a plant mom, a vintage fashion enthusiast, and a gamer.

Follow Author

More Articles