Binance CEO “Reasonably Sure” About API Key Leakage on 3Commas

• CEO of Binance is reasonably sure about the leakage of API keys in 3Commas.
• On-chain sleuth teaches a soft lesson with the database of API keys worth billion.
• 3Commas come out clean after an investigation into a possible inside job fails to show evidence.

The Chief Executive Officer (CEO) of Binance, Changpeng Zhao cautioned the crypto Twitter community and instructed them to disable the API (Application Programming Interface) keys stored in 3Commas. Zhao made the warning call as he was reasonably sure that there was an API key leakage from 3Commas.

Similarly, ZachXBT, an on-chain sleuth, tweeted that an account had sent him a database of API keys of 3Commas users. Later on, the investigator proclaimed that he verified the validity of the information and then passed on the word to all the exchanges.

Interestingly, ZachXBT stated that although he had access to a million dollars via the leaked API key, the sleuth refrained from any illicit activity as he wanted to teach the community a soft lesson and not a hard one ⸺ of not to trust 3Commas.

Meanwhile, 3Commas aired its view about the API leakage. In a tweet, it stated:

We have seen the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have requested that Binance, Kucoin, and other supported exchanges revoke all keys that were connected to 3Commas.

Moreover, 3Commas tweeted that it made an internal investigation to see if this was a possible inside job, however, it found no evidence of it. Furthermore, it stated, “Only a small number of technical employees had access to the infrastructure and we have taken steps since November 19 to remove their access.”

3Commas stated that they have implemented new security measures and they pledged that they will not stop there, but will launch a full investigation in which law enforcement will be involved.