According to CoinDesk, the FBI is looking into the 3Commas data leak. Users of the Estonia-based crypto trading service have been critical of the company’s CEO for weeks, claiming that he ignored repeated warnings that the platform was leaking customer data. This has prompted the inquiry.
This week, an unknown source exposed API keys for 100,000 3Commas accounts on Binance and KuCoin. CoinDesk reported that two 3Commas users had been reached by the FBI’s Cincinnati Field Office about the breach.
Dozens of 3Commas users have recently discovered that the service has been trading away cash on cryptocurrency exchanges they connected to without their knowledge or permission. Early on, 3Commas claimed that the security concerns expressed by these users resulted from a phishing attack.
1. Statement from 3Commas:
We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.
— Yuriy Sorokin (@YS_3Commas) December 28, 2022
Though the leaker of the API database suggested that an employee had sold the 3Commas keys, the company’s CEO Yuriy Sorokin broke the silence on Thursday. 3Commas stressed that it had found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data.
In the past, a group of about 60 3Commas victims contacted the United States Secret Service and other law enforcement organisations to inquire about the disappearance of their money. Edmundo (Mundy) Pena, the organisation’s leader, informed CoinDesk that they had lost more than $20 million.