3Commas releases an investigation update on a recent API-key exchange attack, which saw many altcoins contra-traded in Binance.
3Commas updates on ‘hack’ investigation
3Commas, the crypto trading bot company, has issued updates on its recent investigation into a possible API-key exchange attack against users and affecting exchanges such as Binance. In the update, the crypto trading bot firm reveals more details on the ‘hack’ which raised concerns after users suffered losses due to an exchange APIs attack.
According to 3Commas’ new findings, on 21st October, the firm’s technical team revealed several malicious orders with counter-trades placed to drain user account balances. The attackers used API keys on most exchange accounts linked to various crypto exchanges. The API keys the hackers used included keys from Binance and FTX, while some were from the 3Commas platform. 3Commas further speculates that the hackers could have gathered the API details long before attacking users’ accounts.
Users had already reported cases of malicious activities, with some revealing potential phishing claims from the attackers. As 3Commas would find, phishing could be a factor considering live fake websites are still running. Other users are still skeptical of phishing claims asking 3Commas to provide evidence of users getting phished.
Despite a potential breach, 3Commas remains adamant that no API keys were compromised on their database. Meanwhile, forty-eight active 3Commas users were affected by the API attacks on 3Commas channels.
3Commas looks to save its reputation
3Commas’ new report updates focus on protecting the crypto firm’s reputation as a reliable trading bot company. Upon review, 3Commas reveals no unauthorized trades or log-ins happened from the platform’s end. The firm also reveals a study of its codebase and user interface shows no incidents of API secret critical breaches.
Also, the breach impacted 0.02% of 3Commas API keys out of the 1 million active ones in the firm’s database. Currently, 3Commas urges its affected users to contact their support team if suspicious activity is evident. The crypto trading bot firm also requests affected users to contact local law enforcement and file cases against the bad actors.
Binance downplays hacking rumors
Binance customers were among the crypto exchange users said to have reported unauthorized trade initiated through the API keys. On 31st October, 3Commas reported Binance contacting its support team of suspicious activities on Binance customers posting multiple buys and sell orders.
However, Binance has downplayed the suspicious activity as a potential case of compromised crypto accounts or stolen API keys.The CEO of Binance commented, saying:
“Based on our investigations so far, this appears to be just market behavior. We temporarily locked withdrawals on some of the profiting accounts.”
From the investigation, Binance has decided to take precautions and safeguard users’ crypto funds with countermeasures such as temporarily locking the affected accounts. Additionally, 3Commas said it works closely with the Binance team and agreed that old keys not used for more than three months would be revoked.