The United States Federal Investigation Bureau (FBI) is probing the data breach at Estonia-based 3Commas that exposed thousands of linked API keys, Coindesk reported on Friday, though there is no official confirmation yet.
The investigation began after the confirmation of 3Commas’ CEO, Yuriy Sorokin on the authenticity of the publicly shared database of 3Commas APIs. Earlier, he was in denial of any such breach and even called the previously leaked API databases fake.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
The concerns around the security measures of 3Commas began in late October when then-functional crypto exchange FTX issued a security alert in response to an unauthorized trade from a customer account. Though FTX and 3Commas concluded that the hackers created a 3Commas account to execute the malicious trade, the Estonian company said, “the API keys were not taken from 3Commas but from outside of the 3Commas platform.”
In a consecutive blog post, Sorokin acknowledged that 3Commas had “hard evidence that phishing
Phishing
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than technological skill, it is considered to be a social engineering attack. The most common methods for phishing are email, telephone, or text message.How to Defend Against Phishing Attacks?Every phishing attempt has a few basic things in common, which individuals need to be aware of.You should always be on the lookout for offers that are overly lucrative or too good to be true. Click-bait titles or rewards and prizes without any context are red flags.Additionally, a sense of urgency should always be approached with caution. A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time.Finally, individuals should always be mindful of unusual senders and questionable attachments or hyperlinks. Simply hovering over a link shows you the actual URL where you will be directed upon clicking on it. If anything seems out of the ordinary, unexpected, or simply suspicious it is best to avoid clicking on any links. In the cryptocurrency world, phishing attacks come in forms such as fake wallets that unsuspectingly collect users’ private keys.Fake exchange login pages that collect users’ login data, and fake wallet seed generators that create and then collect the regenerative phrases used to make cryptocurrency wallets.
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than technological skill, it is considered to be a social engineering attack. The most common methods for phishing are email, telephone, or text message.How to Defend Against Phishing Attacks?Every phishing attempt has a few basic things in common, which individuals need to be aware of.You should always be on the lookout for offers that are overly lucrative or too good to be true. Click-bait titles or rewards and prizes without any context are red flags.Additionally, a sense of urgency should always be approached with caution. A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time.Finally, individuals should always be mindful of unusual senders and questionable attachments or hyperlinks. Simply hovering over a link shows you the actual URL where you will be directed upon clicking on it. If anything seems out of the ordinary, unexpected, or simply suspicious it is best to avoid clicking on any links. In the cryptocurrency world, phishing attacks come in forms such as fake wallets that unsuspectingly collect users’ private keys.Fake exchange login pages that collect users’ login data, and fake wallet seed generators that create and then collect the regenerative phrases used to make cryptocurrency wallets. Read this Term was at least in some part a contributory factor” leading to users’ losses.
According to the crypto-focused publication, a 60-member 3Commas victim group earlier approached the US Secret Service and other law enforcement agencies with complaints of their missing cryptocurrencies
Cryptocurrencies
By using cryptography, virtual currencies, known as cryptocurrencies, are nearly counterfeit-proof digital currencies that are built on blockchain technology. Comprised of decentralized networks, blockchain technology is not overseen by a central authority.Therefore, cryptocurrencies function in a decentralized nature which theoretically makes them immune to government interference. The term, cryptocurrency derives from the origin of the encryption techniques that are employed to secure the networks which are used to authenticate blockchain technology. Cryptocurrencies can be thought of as systems that accept online payments which are denoted as “tokens.” Tokens are represented as internal ledger entries in blockchain technology while the term crypto is used to depict cryptographic methods and encryption algorithms such as public-private key pairs, various hashing functions, and an elliptical curve. Every cryptocurrency transaction that occurs is logged in a web-based ledger with blockchain technology.These then must be approved by a disparate network of individual nodes (computers that maintain a copy of the ledger). For every new block generated, the block must first be authenticated and confirmed ‘approved’ by each node, which makes forging the transactional history of cryptocurrencies nearly impossible. The World’s First CryptoBitcoin became the first blockchain-based cryptocurrency and to this day is still the most demanded cryptocurrency and the most valued. Bitcoin still contributes the majority of the overall cryptocurrency market volume, though several other cryptos have grown in popularity in recent years.Indeed, out of the wake of Bitcoin, iterations of Bitcoin became prevalent which resulted in a multitude of newly created or cloned cryptocurrencies. Contending cryptocurrencies that emerged after Bitcoin’s success is referred to as ‘altcoins’ and they refer to cryptocurrencies such as Bitcoin, Peercoin, Namecoin, Ethereum, Ripple, Stellar, and Dash. Cryptocurrencies promise a wide range of technological innovations that have yet to be structured into being. Simplified payments between two parties without the need for a middle man is one aspect while leveraging blockchain technology to minimize transaction and processing fees for banks is another. Of course, cryptocurrencies have their disadvantages too. This includes issues of tax evasion, money laundering, and other illicit online activities where anonymity is a dire ingredient in solicitous and fraudulent activities.
By using cryptography, virtual currencies, known as cryptocurrencies, are nearly counterfeit-proof digital currencies that are built on blockchain technology. Comprised of decentralized networks, blockchain technology is not overseen by a central authority.Therefore, cryptocurrencies function in a decentralized nature which theoretically makes them immune to government interference. The term, cryptocurrency derives from the origin of the encryption techniques that are employed to secure the networks which are used to authenticate blockchain technology. Cryptocurrencies can be thought of as systems that accept online payments which are denoted as “tokens.” Tokens are represented as internal ledger entries in blockchain technology while the term crypto is used to depict cryptographic methods and encryption algorithms such as public-private key pairs, various hashing functions, and an elliptical curve. Every cryptocurrency transaction that occurs is logged in a web-based ledger with blockchain technology.These then must be approved by a disparate network of individual nodes (computers that maintain a copy of the ledger). For every new block generated, the block must first be authenticated and confirmed ‘approved’ by each node, which makes forging the transactional history of cryptocurrencies nearly impossible. The World’s First CryptoBitcoin became the first blockchain-based cryptocurrency and to this day is still the most demanded cryptocurrency and the most valued. Bitcoin still contributes the majority of the overall cryptocurrency market volume, though several other cryptos have grown in popularity in recent years.Indeed, out of the wake of Bitcoin, iterations of Bitcoin became prevalent which resulted in a multitude of newly created or cloned cryptocurrencies. Contending cryptocurrencies that emerged after Bitcoin’s success is referred to as ‘altcoins’ and they refer to cryptocurrencies such as Bitcoin, Peercoin, Namecoin, Ethereum, Ripple, Stellar, and Dash. Cryptocurrencies promise a wide range of technological innovations that have yet to be structured into being. Simplified payments between two parties without the need for a middle man is one aspect while leveraging blockchain technology to minimize transaction and processing fees for banks is another. Of course, cryptocurrencies have their disadvantages too. This includes issues of tax evasion, money laundering, and other illicit online activities where anonymity is a dire ingredient in solicitous and fraudulent activities. Read this Term.
An official 3Commas ad.
The Publicly Leaked 3Commas APIs
The latest controversy around 3Commas started when an anonymous Twitter user recently shared a database of the leaked 3Commas API on social media. It included 100,000 Binance and KuCoin API keys linked to 3Commas. Earlier, 3Commas said that the APIs were leaked due to phishing, and the platform’s security was intact.
PSA
3Commas API leak has been published, if you haven’t already REMOVE YOUR API KEY pic.twitter.com/yEvrxyWBIq
Now many have pointed out the internal involvement in these API breaches. However, Sorokin squashed these claims on Thursday, saying: “3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data.”
“Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly.”
On top of that, the latest API leak on the public platform alarmed other crypto giants, as Binance’s CEO Changpeng Zhao issued a public warning, asking users to disable their 3Commas API.
Earlier this month, Binance canceled a user’s account who complained of losing funds due to an API breach. However, Binance declined to reimburse the user, saying that the exchange could not confirm the losses.
Mamba, there is almost no way for us to be sure users didn’t steal their own API keys. The trades were done using API keys you created. Otherwise we will just be paying for users to lose their API keys. Hope you understand.
The United States Federal Investigation Bureau (FBI) is probing the data breach at Estonia-based 3Commas that exposed thousands of linked API keys, Coindesk reported on Friday, though there is no official confirmation yet.
The investigation began after the confirmation of 3Commas’ CEO, Yuriy Sorokin on the authenticity of the publicly shared database of 3Commas APIs. Earlier, he was in denial of any such breach and even called the previously leaked API databases fake.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
The concerns around the security measures of 3Commas began in late October when then-functional crypto exchange FTX issued a security alert in response to an unauthorized trade from a customer account. Though FTX and 3Commas concluded that the hackers created a 3Commas account to execute the malicious trade, the Estonian company said, “the API keys were not taken from 3Commas but from outside of the 3Commas platform.”
In a consecutive blog post, Sorokin acknowledged that 3Commas had “hard evidence that phishing
Phishing
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than technological skill, it is considered to be a social engineering attack. The most common methods for phishing are email, telephone, or text message.How to Defend Against Phishing Attacks?Every phishing attempt has a few basic things in common, which individuals need to be aware of.You should always be on the lookout for offers that are overly lucrative or too good to be true. Click-bait titles or rewards and prizes without any context are red flags.Additionally, a sense of urgency should always be approached with caution. A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time.Finally, individuals should always be mindful of unusual senders and questionable attachments or hyperlinks. Simply hovering over a link shows you the actual URL where you will be directed upon clicking on it. If anything seems out of the ordinary, unexpected, or simply suspicious it is best to avoid clicking on any links. In the cryptocurrency world, phishing attacks come in forms such as fake wallets that unsuspectingly collect users’ private keys.Fake exchange login pages that collect users’ login data, and fake wallet seed generators that create and then collect the regenerative phrases used to make cryptocurrency wallets.
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than technological skill, it is considered to be a social engineering attack. The most common methods for phishing are email, telephone, or text message.How to Defend Against Phishing Attacks?Every phishing attempt has a few basic things in common, which individuals need to be aware of.You should always be on the lookout for offers that are overly lucrative or too good to be true. Click-bait titles or rewards and prizes without any context are red flags.Additionally, a sense of urgency should always be approached with caution. A favorite tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time.Finally, individuals should always be mindful of unusual senders and questionable attachments or hyperlinks. Simply hovering over a link shows you the actual URL where you will be directed upon clicking on it. If anything seems out of the ordinary, unexpected, or simply suspicious it is best to avoid clicking on any links. In the cryptocurrency world, phishing attacks come in forms such as fake wallets that unsuspectingly collect users’ private keys.Fake exchange login pages that collect users’ login data, and fake wallet seed generators that create and then collect the regenerative phrases used to make cryptocurrency wallets. Read this Term was at least in some part a contributory factor” leading to users’ losses.
According to the crypto-focused publication, a 60-member 3Commas victim group earlier approached the US Secret Service and other law enforcement agencies with complaints of their missing cryptocurrencies
Cryptocurrencies
By using cryptography, virtual currencies, known as cryptocurrencies, are nearly counterfeit-proof digital currencies that are built on blockchain technology. Comprised of decentralized networks, blockchain technology is not overseen by a central authority.Therefore, cryptocurrencies function in a decentralized nature which theoretically makes them immune to government interference. The term, cryptocurrency derives from the origin of the encryption techniques that are employed to secure the networks which are used to authenticate blockchain technology. Cryptocurrencies can be thought of as systems that accept online payments which are denoted as “tokens.” Tokens are represented as internal ledger entries in blockchain technology while the term crypto is used to depict cryptographic methods and encryption algorithms such as public-private key pairs, various hashing functions, and an elliptical curve. Every cryptocurrency transaction that occurs is logged in a web-based ledger with blockchain technology.These then must be approved by a disparate network of individual nodes (computers that maintain a copy of the ledger). For every new block generated, the block must first be authenticated and confirmed ‘approved’ by each node, which makes forging the transactional history of cryptocurrencies nearly impossible. The World’s First CryptoBitcoin became the first blockchain-based cryptocurrency and to this day is still the most demanded cryptocurrency and the most valued. Bitcoin still contributes the majority of the overall cryptocurrency market volume, though several other cryptos have grown in popularity in recent years.Indeed, out of the wake of Bitcoin, iterations of Bitcoin became prevalent which resulted in a multitude of newly created or cloned cryptocurrencies. Contending cryptocurrencies that emerged after Bitcoin’s success is referred to as ‘altcoins’ and they refer to cryptocurrencies such as Bitcoin, Peercoin, Namecoin, Ethereum, Ripple, Stellar, and Dash. Cryptocurrencies promise a wide range of technological innovations that have yet to be structured into being. Simplified payments between two parties without the need for a middle man is one aspect while leveraging blockchain technology to minimize transaction and processing fees for banks is another. Of course, cryptocurrencies have their disadvantages too. This includes issues of tax evasion, money laundering, and other illicit online activities where anonymity is a dire ingredient in solicitous and fraudulent activities.
By using cryptography, virtual currencies, known as cryptocurrencies, are nearly counterfeit-proof digital currencies that are built on blockchain technology. Comprised of decentralized networks, blockchain technology is not overseen by a central authority.Therefore, cryptocurrencies function in a decentralized nature which theoretically makes them immune to government interference. The term, cryptocurrency derives from the origin of the encryption techniques that are employed to secure the networks which are used to authenticate blockchain technology. Cryptocurrencies can be thought of as systems that accept online payments which are denoted as “tokens.” Tokens are represented as internal ledger entries in blockchain technology while the term crypto is used to depict cryptographic methods and encryption algorithms such as public-private key pairs, various hashing functions, and an elliptical curve. Every cryptocurrency transaction that occurs is logged in a web-based ledger with blockchain technology.These then must be approved by a disparate network of individual nodes (computers that maintain a copy of the ledger). For every new block generated, the block must first be authenticated and confirmed ‘approved’ by each node, which makes forging the transactional history of cryptocurrencies nearly impossible. The World’s First CryptoBitcoin became the first blockchain-based cryptocurrency and to this day is still the most demanded cryptocurrency and the most valued. Bitcoin still contributes the majority of the overall cryptocurrency market volume, though several other cryptos have grown in popularity in recent years.Indeed, out of the wake of Bitcoin, iterations of Bitcoin became prevalent which resulted in a multitude of newly created or cloned cryptocurrencies. Contending cryptocurrencies that emerged after Bitcoin’s success is referred to as ‘altcoins’ and they refer to cryptocurrencies such as Bitcoin, Peercoin, Namecoin, Ethereum, Ripple, Stellar, and Dash. Cryptocurrencies promise a wide range of technological innovations that have yet to be structured into being. Simplified payments between two parties without the need for a middle man is one aspect while leveraging blockchain technology to minimize transaction and processing fees for banks is another. Of course, cryptocurrencies have their disadvantages too. This includes issues of tax evasion, money laundering, and other illicit online activities where anonymity is a dire ingredient in solicitous and fraudulent activities. Read this Term.
An official 3Commas ad.
The Publicly Leaked 3Commas APIs
The latest controversy around 3Commas started when an anonymous Twitter user recently shared a database of the leaked 3Commas API on social media. It included 100,000 Binance and KuCoin API keys linked to 3Commas. Earlier, 3Commas said that the APIs were leaked due to phishing, and the platform’s security was intact.
PSA
3Commas API leak has been published, if you haven’t already REMOVE YOUR API KEY pic.twitter.com/yEvrxyWBIq
Now many have pointed out the internal involvement in these API breaches. However, Sorokin squashed these claims on Thursday, saying: “3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data.”
“Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly.”
On top of that, the latest API leak on the public platform alarmed other crypto giants, as Binance’s CEO Changpeng Zhao issued a public warning, asking users to disable their 3Commas API.
Earlier this month, Binance canceled a user’s account who complained of losing funds due to an API breach. However, Binance declined to reimburse the user, saying that the exchange could not confirm the losses.
Mamba, there is almost no way for us to be sure users didn’t steal their own API keys. The trades were done using API keys you created. Otherwise we will just be paying for users to lose their API keys. Hope you understand.