Earlier this week, an unnamed source revealed that the Federal Bureau of Investigation (FBI) is investigating the 3Commas data breach. The inquiry comes after weeks of complaints from customers of the Estonia-based crypto trading firm 3Commas, who claim that the CEO repeatedly ignored warning indicators that the company had leaked personal data.
However, an unknown source exposed 100,000 Binance and KuCoin API keys connected to 3Commas this week. Two 3Commas users Said on Thursday that the Cincinnati Field Office of the FBI had contacted them over the breach.
Furthermore, numerous 3Commas consumers discovered over the last few months that the business had exchanged their money without knowing the cryptocurrency exchanges they had connected to. Initially, 3Commas asserted that the platform was secure and claimed that these users were most likely phished.
The response differed from the company’s earlier position, in which Sorokin accused the users of spreading misinformation. Victims requested a refund and an apology when liability was recognized.
Sorokin asked Binance, Kucoin, and all other exchanges to invalidate keys related to 3Commas while recognizing the authenticity of the shared APIs in the statement.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
After a 3Comma user raised issues about an unauthorized trade in FTX. However, issues about the security of API keys in 3Comma first occurred in late October. When 3Commas and FTX revealed that the hacker made a fraudulent trade using a 3Commas account, the security problem was resolved.
The FBI undertook the action due to several user complaints about losses caused by unauthorized trading in their accounts. As per early reports from Exchange, despite their platform being safe, hackers employed phishing to access customers’ accounts.
Hacker Claims An Insider Sold 3Commas API keys
The 3Commas keys were allegedly supplied to them by a company employee, the hacker said, who leaked the API database. The CEO of 3Commas, Yuriy Sorokin, denied the allegations and said there was no proof of the inside job allegation in a statement made on Thursday.
In response to the leak, Sorokin informed the public that no internal investigator had identified any suspects. Additionally, he made it known that he intended to involve law enforcement in any remarkable changes.
Related Reading | Stacks A Blockchain Project, Aims To Add Smart Contracts To Bitcoin
Recently, a group of roughly 60 3Comma users demanded that the US Secret Service and other law enforcement agencies look into the case. They were curious about how money might go from their accounts without customers noticing it.
The group’s leader, Edmundo alias Mundy, disclosed that the total cumulative losses exceed $20 million. The FBI and 3Commas have not made any public announcements about the issue.