Changpeng Zhao, the CEO of Binance, advised the exchanges’ clients to disable 3Commas API keys following several reports of API key leaks from the trading bot.
Earlier in October, FTX users claimed that the API keys linked to 3Commas were used to gain unauthorized access to their accounts. An investigation by the two firms revealed that hackers had used these keys to carry out trades on DMG trading pairs.
Hey guys. Unfortunately two days ago my Binance account got exploited through an API which I’ve created 2 years ago and haven’t used since which I assumed I deleted but apparently didn’t. It was used to make trades on low cap coins to push up the price to make profit.
— CoinMamba (@coinmamba) December 8, 2022
Reports of these leaks re-emerged in December when Twitter user CoinMamba reported that their Binance account was compromised through an API key exploit. After deliberations with CZ on Twitter, Binance refused to provide compensation to CoinMamba and soon blocked their account.
Get Our Free Newsletter
Subscribe to our newsletter to get tips, our favorite services, and the best deals on Bitcompare-approved picks sent to your inbox
The CEO of Binance has now acknowledged the existence of the key leaks. 3Commas CEO Yuriy Sorokin also confirmed that users’ API keys were leaked from their platform. He claimed that the firm will launch a “full investigation” involving law enforcement, adding,
“As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”
Meanwhile, the CEO of Binance voiced his disagreement with 3Commas’ official announcement. CZ said he believes Twitter user db’s post claiming that all of 3Commas’ leaked keys have been published.
I strongly believe @tier10k is correct here, not 3comma's official response (BS). https://t.co/gV4DxVfxUZ
— CZ Binance (@cz_binance) December 28, 2022
