FBI Is Reportedly Investigating 3Commas Data Breach


Although there has been no official confirmation yet, there are reports that the United States Federal Bureau of Investigation (FBI) is looking into the data breach at Estonia-based 3Commas that exposed thousands of connected API keys.

The inquiry got underway when 3Commas CEO Yuriy Sorokin confirmed that the publicly accessible database of 3Commas API keys was genuine. He had previously denied that any such hack had occurred and had even called the earlier exposed API datasets fraudulent.

Worries about 3Commas’ security protocols first surfaced late in October, when FTX, then a functioning cryptocurrency exchange, issued a security alert in response to an unlawful trade from a client account.

The Estonian business said that even though FTX and 3Commas came to the conclusion that the hackers created a 3Commas account to carry out the illegal trade, “the API keys were not taken from 3Commas but from outside of the 3Commas platform.”

In a subsequent blog post, Sorokin confirmed that 3Commas had “concrete proof that phishing was at least in some part a contributory cause” of users’ losses.

According to the crypto-focused newspaper, the 60-member 3Commas victim group had previously approached the US Secret Service and other law enforcement organizations with concerns about their lost cryptocurrency.

The most recent 3Commas scandal began when an unknown Twitter user posted a database of stolen 3Commas API keys online. It included 100,000 KuCoin and Binance API keys connected to 3Commas. Earlier, 3Commas had claimed that the platform’s security was unaffected and that the API keys were exposed as a result of phishing. Many people have now alleged internal involvement in these API compromises.

However, Sorokin refuted these allegations on Thursday: “3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data.”

“Since becoming aware of the suspicious activities taking place, we immediately launched an internal investigation. We will continue with the investigation in the light of the new information and also notify law enforcement authorities accordingly.”

In addition, the most recent API breach on the open platform alarmed other crypto heavyweights, leading Binance CEO Changpeng Zhao to publicly caution users to disable their 3Commas API keys.

A user’s account was terminated by Binance earlier this month after they reported losing money as a result of an API compromise. But Binance refused to pay the customer back, claiming that the exchange could not verify the losses.