3Commas, a cryptocurrency trading platform, has confirmed that it suffered a data breach that saw API data stolen.
According to the announcement, an unknown threat actor uploaded 3Commas’ API data to Pastebin on Dec 28.
After analyzing the data, the company confirmed that it was authentic. “At the moment, 3Commas can regretfully confirm that API keys, secrets, and passphrases of 3Commas users have been divulged by a third-party.”
While leaks are about API data at the moment, 3Commas does not rule out the possibility of other data being taken as well: “Currently and to the best of our knowledge only API data has been exposed as part of this incident. As a possible outcome, the hacker(s) may or may have used API data Applications to link your exchange accounts to theirs/account and/or initiate unauthorized trades.”
The company sent a notice to its users via email, as well as a blog posting, stating that it has taken steps to protect their users and their funds. They also reported the issue to the FBI and other relevant law enforcement agencies.
According to a ComputerAccording to the report a batch of 10,000 API keys were stolen, which is only 10% of the entire 100,000-strong database. These keys are commonly used by 3Commas robots to automatically interact and trade with cryptocurrency exchanges.
3Commas issued a call to all supported exchanges, including some of the largest ones, Binance, Coinbase and Kucoin, to cancel all API keys that were linked to the platform in response to the news. The company also advised all users to re-issue all keys on all links. endpoints(Opens in new tab) Personally.
The company investigated the leak further and concluded that it was not an inside job. Tweet
We have taken new security precautions since then and we won’t stop there. “We are in process of launching an investigation involving law enforcement,” said the company.
But the damage has already been done. The attackers have apparently been using the API keys to steal cryptocurrency worth $6 million since November.
Through: Computer(Opens in new tab)
[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]