3Commas finally admitted there was an API leak after months of refuting community reports that it had occurred. Users were not happy about being "gaslighted."
Victims of the 3Commas API leak are calling for refunds and an apology from the crypto trading platform for being gaslighted over the whole ordeal.
The past couple of months have seen an ongoing back and forth between 3Commas and supposed victims of unauthorized trades coming from their accounts.
3Commas and its CEO Yuriy Sorokin had strongly denied any hack or breach had taken place and had refuted there could have been an inside job from an employee gone rogue. Instead, it suggested any leaked APIs were the result of customers being phished.
you gonna delete these? pic.twitter.com/BwbJkJy8oC
— Daniel Roberts (@readDanwrite) December 28, 2022
On Dec. 28 however, Sorokin finally admitted there had been a sizeable API leak from the firm after confirming a database of API keys shared by a hacker was legitimat
“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”
“We did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found,” Sorokin added.
The community has been left bewildered by this surprise admission considering 3Commas had previously labeled customer reports of a leak as “false rumors shared by bad faith actors using falsified evidence,” on Dec. 11.
“Just a reminder: For the last 2 months, you have blamed the victims of the hack. You have defamed the victims as ‘bad faith actors’ and alleged they ‘falsified evidence’, when it turns out 3Commas was the ones who were the bad faith actors, lying and falsifying evidence,” wrote Twitter user @Pledditor.
Related: 400M Twitter users’ data is reportedly on sale in the black market
While popular crypto trader CoinMamba tweeted that “you kept lying and saying this was our fault instead of taking responsibility and prevented [sic] further exploits. Are you going to refund the users now?”
“Congrats you morons are what’s wrong with the space,” blockchain sleuth ZachXBT chimed in, after he had been posting about the API leak for weeks.
4/ 3Commas finally acknowledged the leak but the damage had already been done. For weeks they have been blaming its users and accepting zero responsibility.
— ZachXBT (@zachxbt) December 28, 2022
Make sure to never give incompetent clowns like @3commas_io your business ever again. https://t.co/LyNvar7LST pic.twitter.com/RkS6ZgCZEN
The responding comments were just as aggressive on the 3Commas tweet confirming the leak, with user @turgut_oztunc noting that: “You are really funny guys. We will see [you in] the court if you don't recover our funds asap.“
This whole company should be held accountable and shut down immediately
— çгчpтåvэłî (@cryptaveli) December 28, 2022