On the 28th of Dec 2022, the CEO of Binance, CZ, went on Twitter to advise users of the 3Commas platform to disable all the APIs they share with the platform.
We are trying, but we don't know which APIs users share with which other platforms.
— CZ 🔶 BNB (@cz_binance) December 28, 2022
Over the past week, the 3Commas project, a platform that allows traders to automate their trades, suffered a massive hack that left it at odds with its users. The attack resulted in the loss of $22 million worth of assets.
Utilizing an anonymous account, the hacker published the API keys of 100,000 users, claiming they are a team that suffered during the LUNA and FTX crashes and were out to teach users not to trust platforms like 3Commas. In a message to @ZachXBT, they claim that 3Commas sold the details of their users to the highest bidder.
But the loss suffered by 100k users was still not significant enough for 3Commas to publicly admit that they were the source of the leak. So on the 23rd of December 2022, the CEO of 3Commas, Yuriy Sorokin, went on Twitter to blame the victims of the attack.
He claimed that the victims had been careless with their keys, which then got leaked. According to him, if the leak were from 3Commas, there would be a lot more victims, and the loss would be worse than the $22 million. There are malicious browser extensions and malware out there.
After days of strongly denying the attack and attempting to gaslight its way out of the sticky situation, 3Commas finally admitted to being the source of the leak.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@ysoro13) December 28, 2022
Yuriy Sorokin finally announced on Twitter that after comparing the hacker’s message with their records, they had found the source of the leak. 3Commas is taking responsibility for the attack. As a corrective action, he asked all supported exchanges like Binance and Kucoin to revoke all API keys and connections until they resolve the situation.
Their first line of investigation was to ensure the attack wasn’t an inside job, since that is the most likely scenario. Since only a very select group of tech employees could access the infrastructure, there’s little proof of inside collaboration.
Therefore, they have created and implemented new security measures and involved law enforcement agents in conducting an extensive investigation. He apologized for how the situation was being handled and promised continued transparency in the future.
But users aren’t happy with an apology, seeing as Yuriy spent the past few days blaming users instead of taking responsibility for the company’s failings.