Binance Accounts Exploited Due To 3Commas API Key Hack

Last Updated:
Binance Puts Withdrawals On Hold after Potential Ankr & Hay Hack
  • 3Commas API leak enabled contra trade for a huge number of altcoins on Binance.
  • 3Commas is working with the Binance team for further investigation of the exploitations.
  • Rodion Longa and CoinMamba report their Binance deposits have been lost.

On December 11, a massive number of altcoins including OM, AMP, NEXO, POLS, SUN, ARDR, BIFI, XVS, ARK, LOOM, and OSMO were reportedly contra-traded on the leading cryptocurrency exchange, Binance.

The exploitation was caused due to a 3Commas trading bot API key flaw, which is now being investigated by the 3Commas team who is currently working closely with the Binance team. The automated crypto trading bot also shared in a report that existing keys that have not been for over 3 months, will be voided.

In the investigation updates document released by 3Commas, the company addressed the unauthorized trades using hacked API keys on exchanges such as Binance, FTX, and OKX. While they cannot confirm any specifications, 3Commas suspects that the perpetrators gathered the API details over a long period. 

The perpetrators waited for the market to slow down and provide a window where many trading pairs were illiquid and easier to manipulate.

The report also highlighted that 3Commas is relying on law enforcement authorities to deliver a comprehensive analysis based on the information the exchanges have provided.

Moreover, the famous poker player and founder of Worldpokerdeals, Rodion Longa, tweeted that his Binance account was exploited via the 3Commas API leak which contributed to a loss of $450,000 worth of BUSD stablecoins. 

https://twitter.com/LongaRodion/status/1601068826023849984

Longa also added that this cannot possibly be a phishing attack since he has not used the 3Commas trading bot API in the last 11 months. 
Additionally, the anonymous Twitter account CoinMamba reported that his Binance account was also exploited through an API which he had created 2 years ago and didn’t remember anything about. Simultaneously, he notified the Binance team about the same, demanding compensation.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.