Notice on API data disclosure incident

DATE PUBLISHED: DEC 29, 2022
DATE UPDATED: DEC 29, 2022

On 28 December 2022, a post was made on the Pastebin website, since taken down, by a supposed hacker claiming that they had gained access to API data stored in 3Commas’ database. 3Commas can confirm that it first found out about the hacking and the hacker’s statement from the same Pastebin post as the rest of the 3Commas community. This notice provides details about the incident, our response, and a description of the measures taken by us so far.

What does this mean? What should users do?

At this point, 3Commas can unfortunately confirm that some of 3Commas’ users’ API data (API keys, secrets and passphrases) have been disclosed by a third party. Currently, and to the best of our knowledge, only API data have been disclosed as part of this incident. As a likely consequence, the hacker(s) may use or may have used the API data to connect your exchange accounts to his/their account and/or initiate unauthorized trades.

Since becoming aware of the supposed hacker's Pastebin post, we have requested that Binance, KuCoin and other supported exchanges revoke all keys that were connected to 3Commas. We strongly recommend that every user reissue an API key they have currently connected to an exchange. If you need help with updating your API keys, please check the following guide: https://help.3commas.io/en/articles/3166090.

What we are doing

3Commas acknowledges that in the Pastebin post the hacker alleged, in a way, that a 3Commas employee had sold them the above-mentioned user data. 3Commas is investigating this allegation seriously through all possible means, also engaging law enforcement authorities accordingly. However, 3Commas stresses that it has found no evidence during the internal investigation that any employee of 3Commas was somehow involved in attacks against the API data. Obviously, it is also in 3Commas’ interest to find out whether any employee has committed the acts alleged by the hacker. Therefore, it is to be hoped that further investigations will clarify all the details behind the attack and identify the perpetrators who are responsible for the damage caused. We urge all users affected by the attacks to contact their local police and/or Estonian legal authorities, as it may help them to carry out their investigations and identify the perpetrators.

We acknowledge that in our previous communications we suggested that the attacks most likely resulted from phishing, malware or any activity intended to cause disruption to our infrastructure. We conducted rigorous internal investigations which did not provide us with proof of compromised codes or breaches in our systems and servers nor evidence that we had bad actors among our employees. At that time the only reasonable information we had gathered pointed to phishing or other software disruption activity and hence we took actions to notify our users in regard to that issue.

In addition to the actions already taken and explained in our posts and statements so far, we will continue to optimize and enhance the security measures. Among those, on 16 November 2022 we implemented the new Sign Center. We created it in response to the attacks on exchange accounts that began in October. As a result of the implementation of the new Sign Center, access to API keys has been limited even further. We are going to publish a detailed article explaining fully how Sign Center works in the near future.

Please note, however, that in the meantime our services are running normally, and we will continue to operate in a state of heightened alert.

Contact information 

If you have any questions regarding this notice, the incident or require assistance, please contact 3Commas’ support or write to [email protected].

We regret that such an incident and attacks have taken place. We are committed to keeping you informed of our findings and updating you on the actions we are taking as much as possible. 

We thank you for your support and patience while we work through the investigation. We will continue to provide updates as we learn more. 

Sincerely,

Yuriy Sorokin

3Commas' CEO
