As the crypto drama involving FTX and SBF, another crypto culprit is on the rise – the beloved 3Commas. For close to a year now, 3Commas has been tied to data breaches through compromised API keys from the trading platform. Users are left frustrated more so by the lack of action from the crypto entity. An affected party told Cryptopolitan of his troubled ordeal with the platform – it’s one to gasp upon.
Security breaches have been a relentless threat to the crypto industry in recent years, leaving trails of disruptions and major financial losses. Several traders tied to 3Commas have had it worse. The informant states, “Everything went smoothly until it did not. On Nov 13th of 2022, my account got washtraded, and in 8 minutes, 30BTC and 270 000 USDT were drained from my account on Binance.”
3Commas on the spot for customer data negligence
3Commas is a platform that allows users to connect multiple crypto exchange accounts, such as those held on Binance, to automated trading software. All of this is carried out using APIs (application programming interfaces), which are standardized procedures that allow various software components to connect with one another and complete activities.
The idea is that humans do not have to do the difficult job of considering their trades. Instead, everything is done promptly and automatically using code. This is all good and profitable until the wrong people get access to the APIs.
Hacks appear to be the order of the day at 3Commas. Data was verified late last year on X (previously Twitter) by Blockchain sleuth @ZachXBT. During that time, ZachXBT stated that he had confirmed 44 victims who had lost a total of $14.8 million due to API keys stolen from 3Commas.
A few days ago, 3Commas was hit again. In a blog post published on October 8th, 3Commas disclosed a security breach after multiple users reported unauthorized transactions on their accounts. According to Yuriy Sorokin, CEO of 3commas, the compromised accounts lacked two-factor authentication (2FA), allowing hackers unauthorized access to consumer account information.
ZachXBT, a crypto security expert, took to Twitter to express his dissatisfaction with 3Commas’s security practices, particularly in light of the exchange’s December 2022 security breach.
3Commas affected users won’t idly sit by and watch
Well, ZachXBT is not the only one who wonders how 3Commas is still in business. Following the 3Commas data breach, it is evident that users’ trust and confidence in the company have been shaken. Affected users, such as our informant, have taken steps to ensure 3Commas answers for its negligence
Are hacks prevalent in the crypto space space? Yes. Is it okay for the affected firms to sit by and not take action? No. Get this: the first time the hack situation at the firm came to light, the entity blamed it on the users who fell victim to phishing attacks. However, that was not the case.
One of the affected users hails from Ukraine. He tells Cryptopolitan that after he realized he was hacked, he reached out to Binance and 3Commas for help, to no avail: “I contacted both Binance and 3c immediately, but both did not help, and Binance did not freeze the account of the attacker.” Now, he has filed a report with Estonian police.
According to his report, Binance was aware of the situation, and nothing much was done. So, they have thought it best to take care of their coins themselves. This begs the question of trust for both entities.
Both 3Commas and Binance completely deflected the interaction, so I went to Twitter and found other victims; we made a telegram group and an Excel sheet in order to somehow organize the data and try to figure out what happened. I went to the Cybersecurity company CQR the next morning after the attack. They did forensics on all of my hardware, I was all clean, but neither Binance nor 3Commas cared about it.
Affected User
Unlike Binance, who left their users high and dry, customers who were on Coinbase had their accounts insured and got compensated by Coinbase in a matter of 2 weeks, but all others are rekt.
Unfortunately, the stolen 30 BTC and 270 000 USDT were my father’s life savings, and we had them on Binance because I live in Odesa, Ukraine, we are in a war, and even my bank where I had a safe deposit box got bombed. We are in a very difficult situation.
Affected User