[Warning] 3Commas API keys leaked! | Bitcointalksearch.org

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: PX-Z on January 01, 2023, 10:48:05 AM

Quote from: joniboini on December 31, 2022, 07:59:06 AM

According to their latest Tweet, it does not seem like an inside job after they did their investigation. But it is unclear if the lack of evidence is the result of no inside job or simply a good job from the cracker to clean their history. Not really a good look at their image after they told their users that they got phished.

I still doubt its the case, no company will admit that it's one of them, it's mentioned in the article that a third party disclosed/leak the APIs, so what's the third party to be exact? They are now redirecting blames to others instead of being sorry and claim the responsibility and refund their users. Well, its the same ceo who immediately blamed their users for being phished and hacked after reporting the case to them.

I'll give them that they might not be able to say due to legal issues. Even big places like Gemini did not say who leaked some data from their mailing lists just that it was leaked.
Massive liability issue. If *I know* that I did not leak it but, the only other person who had access was you still saying you did it is dangerous because if it was NOT leaked by you but rather by an undetected hack, or outright theft or..... There could actually be more backlash if they say "A" did it and they were wrong then just saying 'someone else'

I still don't believe it, but I can see the logic behind it.

-Dave

PX-Z

hero member

Activity: 1428

Merit: 836

Top Crypto Casino

Quote from: joniboini on December 31, 2022, 07:59:06 AM

According to their latest Tweet, it does not seem like an inside job after they did their investigation. But it is unclear if the lack of evidence is the result of no inside job or simply a good job from the cracker to clean their history. Not really a good look at their image after they told their users that they got phished.

I still doubt its the case, no company will admit that it's one of them, it's mentioned in the article that a third party disclosed/leak the APIs, so what's the third party to be exact? They are now redirecting blames to others instead of being sorry and claim the responsibility and refund their users. Well, its the same ceo who immediately blamed their users for being phished and hacked after reporting the case to them.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: joniboini on December 31, 2022, 07:59:06 AM

According to their latest Tweet, it does not seem like an inside job after they did their investigation. But it is unclear if the lack of evidence is the result of no inside job or simply a good job from the cracker to clean their history. Not really a good look at their image after they told their users that they got phished.

Of course they won't admit that its been an inside job, no one expected anything else from them. Not that is anyone believing them, especially since people warned them about losing money and instead taking those warnings seriously, they instead shifted blame to users and exchanges.

Husires

legendary

Activity: 1582

Merit: 1284

There is something strange that I did not understand in this article. https://3commas.io/blog/notice-on-api-data-disclosure-incident

Quote

3Commas recently became aware that some of 3Commas’s users API data (API keys, secrets and passphrases) have been disclosed by a third party.

Is this an appropriate way to describe hacking in similar cases? Or is it closer to what happened with Facebook and Cambridge Analytica, where the company gave the data to a third party, and that third party sold the data.

They denied the possibility that what happened was from an insider but they did not deny the hypothesis that third parties did it.
If this is true, creating new keys will not change anything.

Yogee

sr. member

Activity: 1526

Merit: 412

Quote from: joniboini on December 31, 2022, 07:59:06 AM

....
Might as well stop using them for the time being.

Just stop using them forever.

They will be sued for sure and that will take a lot of their resources. They will likely lose and settle for millions of dollars to refund all affected users so they may as well stop their operation at that point. Nobody will ever trust them after lying for so long and keep putting the blame on users.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: PX-Z on December 28, 2022, 07:06:32 PM

All this kind of hack especially for API leak is mostly an inside job, these companies should taken actions on how to prevent any employee have a directly access to these list or the confidential systems/records

According to their latest Tweet, it does not seem like an inside job after they did their investigation. But it is unclear if the lack of evidence is the result of no inside job or simply a good job from the cracker to clean their history. Not really a good look at their image after they told their users that they got phished.

Since then they have posted an update here: https://3commas.io/blog/notice-on-api-data-disclosure-incident. Suggesting their users request new keys is definitely not enough to get back the confidence that the API keys are safe since they still can't be sure if the hacker left something and will just leak the new keys. Might as well stop using them for the time being.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Been reading more and more on this, a lot of details are still a bit contradictory. But, it does look like an interesting ripoff / human view kind of thing.

The accounts were targeted a bit at random. They did not go after the 'high value' targets or the most active or anything like that. Those things would just scream hack / data leak.

They went after a bunch of random accounts (and a few big ones) which just. makes it look like something else. If you have access to 100 accounts and only go after 1 in the top 10 and 3 in the top 25 it makes it look a lot less obvious then going after the top 10 and running with the funds

Still, 3Commas should have been more proactive and people should not be using exchanges though other places with API keys. I'm truly impressed that it took this long for something like this to happen.

-Dave

PX-Z

hero member

Activity: 1428

Merit: 836

Top Crypto Casino

All this kind of hack especially for API leak is mostly an inside job, these companies should taken actions on how to prevent any employee have a directly access to these list or the confidential systems/records
And 3commas should take responsibility those users who have been stolen, since it's primarily their fault, in which they blame their users at first.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Not your keys not your coins. Give your API keys out and loose your coins. Seems about right.

But, it's yet another reason not to keep your funds on an exchange. And if for some reason you have to then never ever give anyone else access to it.

API keys sounds so technical and nice. Give us your username & password and use our phone number for your SMS 2FA just does not sound as good and technical.

-Dave

Rikafip

legendary

Activity: 1722

Merit: 5937

3Commas just confirmed via Twitter that that API keys indeed leaked. Here's the link to the Twitter thread https://twitter.com/3commas_io/status/1608226169400315904?t=gFBokhA9H62KG0z3EMofzg&s=19

OmegaStarScream

staff

Activity: 3402

Merit: 6065

If you have any of your exchange's API keys linked to their platform, disable or delete them because it appears they have been leaked and published online[1][2][3] (still to be confirmed).

This comes days after a group of traders reported losing funds[4].

[1] https://twitter.com/tier10k/status/1608186096411725826
[2] https://twitter.com/cz_binance/status/1608182790540902407
[3] https://www.coindesk.com/tech/2022/12/28/anonymous-twitter-user-leaks-alleged-3commas-api-database/
[3] https://twitter.com/zachxbt/status/1605235174970916864/photo/1

Topic: [Warning] 3Commas API keys leaked! (Read 121 times)