Cryptocurrency trading platform 3Commas on Thursday said it was the source of an Application Programming Interface (API) leak that led to several hacks.
The hacks resulted in digital currencies worth $22 million being siphoned from a group of traders, according to Decrypt.
The victims had linked their trading accounts to the automated trading platform using the exchange API keys.
In a series of tweets, the company’s co-founder Yuriy Sorokin stated that 3Commas had discovered "unauthorized access to a limited number of API keys" and that it had taken steps to secure its systems and prevent further unauthorized access.
According to the company, the hack was discovered on Tuesday, and it immediately launched an investigation and notified relevant authorities.
Detailed Info On Number Of API Keys Compromised Unavailable
3Commas assured its users that their funds were safe and that it was working to determine the extent of the breach.
The company has not yet released any information on the number of API keys that were compromised or the extent of the damage caused by the hack.
It has advised users to take additional precautions, such as enabling two-factor authentication and using strong, unique passwords for their accounts.
Photo via Pixabay.
“Since then, we have implemented new security measures and will not stop there; we are launching a full investigation involving law enforcement. We are sorry that this has gotten so far and will continue to be transparent in our communications around the situation,” Sorokin stated.
His comments came after an anonymous individual obtained and published around 100,000 API keys belonging to 3Commas users
This is not the first time that 3Commas has been targeted by hackers.
In 2019, the company suffered a similar breach that resulted in the theft of over $5 million in cryptocurrency.
The incident first came to light after online crypto sleuth ZachXBT revealed that an anonymous individual obtained and published around 100,000 API keys belonging to 3Commas users.
1/3 Over the past couple of weeks a number of @3commas_io users have reported unauthorized trades on their CEX accounts.
3Commas blames it on “phishing” but I now have verified a group of 44 victims who’ve had $14.8m in total stolen. pic.twitter.com/49K28a5Pf8
— ZachXBT (@zachxbt) December 20, 2022