Changpeng “CZ” Zhao, the Chief Executive Officer (CEO) of the world’s largest cryptocurrency exchange Binance has taken to Twitter to alert his eight million followers that there was an API key leak on 3Commas, a cryptocurrency trade management platform.
Effective immediately, Zhao recommended that any user who has ever put any exchange API key in the affected platform should get it disabled.
“I am reasonably sure there are widespread API key leaks from 3Commas. If you have ever put an API key in 3Commas (from any exchange), please disable it immediately,” the Binance CEO tweeted.
CZ also mentioned to a user that Binance was trying to disable the site from its end but also added that the task is risky.
This had been evident when Binance canceled the accounts of some users who had laid a series of complaints of missing funds from their wallets. According to one of those affected users, his API key which was linked to 3Commas was exposed and afterward used “to make trades on low cap coins to push up the price to make profit.”
At the time, Binance had not verified if there was a leakage of API keys or whether it had been used to trade low-cap crypto assets to drive prices and profit.
Therefore, it refused to reimburse the user, instead, Binance stated that if the company covered such incidents, “we will just be paying for users to lose their API keys” especially as “the trades were done using API keys you created.”
Another Hit on 3Commas API Key
3Commas CEO Yuriy Sorokin has come out to acknowledge the API leak after denying the allegations citing that the screenshots that were being circulated on the Internet are fake.
In his earlier position, “The person who created the screenshots did a nice job with an HTML editor, but they made a few key mistakes that easily prove their claims are fake. We’ll go through those point by point.”
A few users of now-bankrupt crypto exchange FTX were victims of such API key exploitation in October and ended up losing millions.
The hacker carried out unauthorized trades using API keys tied to 3Commas. For a particular user, his account using 3Commas API keys traded DMG tokens over 5000 times leading to the loss of $1.6 million in digital assets.
Following the acknowledgment on the part of Sorokin, he said a full investigation has been launched in coordination with law enforcement agencies.
4. Since then, we have implemented new security measures and will not stop there; we are launching a full investigation involving law enforcement.
We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation.
— Yuriy Sorokin (@ysoro13) December 28, 2022
Read More
All News
BlockchainFX is the world’s first crypto exchange connecting traditional finance with blockchain. Join the $BFX presale today and secure your chance for 100x gains!
Join Now