Crypto Platform 3Commas Attacked

 

Cryptocurrency trading platform 3Commas reported that it suffered a data breach in which API data was stolen. Following the incident, the FBI has been called in to investigate.

However, the investigation comes after weeks of criticism from users of the Estonia-based crypto trading platform. According to the statement released by the platform, an unknown hacker posted 3Commas’ API database to Pastebin on 28 December.

Users also reported that its CEO repeatedly ignored the warning signs that the platform had been targeted.

The company's cyber threat security team confirmed the attack’s authenticity after analyzing it, saying, “at this point, 3Commas can, unfortunately, confirm that some of 3Commas’ users’ API data (API keys, secrets and passphrases) have been disclosed by a third party.”

Further, it added that “Currently and to the best of our knowledge only API data have been disclosed as part of this incident. As a likely consequence, the hacker(s) may use or may have used the API data to connect your exchange accounts to his/their account and/or initiate unauthorized trades”. 

The threat actor leaked a set of 10,000 API keys, just 10% of the 100,000-strong database, according to the report. 3Commas bots use these keys to interact automatically with crypto exchange platforms, make trades and generate profit without user interaction.

The company notified its users via email and a blog post, in which it assured them that their data and funds will be protected because the company has already taken precautionary measures. The attack has also been reported to the relevant law enforcement agencies, including the FBI.

However, the damage has already been done. The malicious actor has been abusing stolen API keys since November and has stolen some $6 million worth of cryptocurrencies so far, according to the report.

Furthermore, the company added, “Only a small number of technical employees had access to the infrastructure, and we have taken steps since November 19 to remove their access. Since then, we have implemented new security measures, and we will not stop there; we are launching a full investigation in which law enforcement will be involved”.