FBI investigates stolen API keys from users of 3Commas crypto trading bots platform
After finally admitting that thousands of API keys belonging to its users were stolen, crypto trading bots platform 3Commas is now facing an FBI investigation.
Many customers of the platform, which specializes in automated crypto trading, have had their cryptocurrency funds stolen following the leak of these API keys, which allow a trading bot to access an account on a crypto exchange such as Binance or KuCoin in order to perform automated trading transactions.
CoinDesk mentions several users of the bitcoin trading bots platform 3Commas who say they have been contacted by the FBI, which is investigating this theft of API keys.
Exploiting these stolen API keys has allowed cybercriminals to steal tens of millions of dollars from many 3Commas users.
A group of 60 3Commas users, who were victims of this API key theft and lost around 20 million dollars, contacted the authorities and the American secret services to understand how their funds could have disappeared so easily, and why management at 3Commas took so long to admit this data theft, which the company attributes to a hack.
The Estonia-based crypto bot platform and its CEO, Yuriy Sorokin, had however been alerted several weeks ago by customers who had noticed abnormal transactions carried out on Binance and FTX accounts using their API keys, which are supposed to be kept secret and safe on 3Commas.
FTX then reimbursed $6 million to users whose cryptocurrencies had been stolen through the use of their API keys.
3Commas management had denied rumors of API key theft, saying users had been phished by visiting or clicking on fraudulent sites put online by hackers.
It took a tweet from Binance’s CEO urging 3Commas users to deactivate their API key for the company to admit that 100,000 API keys were indeed stolen.
Some also raise the hypothesis that a 3Commas employee sold the databases containing the API keys of many users of the company, which is known for its automated crypto trading services.
The FBI investigation may finally establish what really happened at 3Commas: whether it was indeed a hack or internal fraud by an employee working for the crypto trading bots platform.
If you use 3Commas crypto trading bots, you must therefore deactivate the API key linked to this automatic trading platform as soon as possible. It is recommended to use competing services deemed safer, such as Kryll, Cryptohopper or Haasbot.