Notice on API data disclosure incident

DATE PUBLISHED: DEC 29, 2022
DATE UPDATED: JUN 4, 2025

On 28 December 2022 a post, since taken down, appeared on the Pastebin website from a supposed hacker claiming to have obtained access to API data stored in 3Commas’ database. 3Commas can confirm that it first learned of the hacking and of the hacker’s statement from that same Pastebin post, at the same time as the rest of the 3Commas community. This notice provides details of the incident, our response, and the measures we have taken so far.

What does this mean? What should users do?

At this point, 3Commas can unfortunately confirm that some of 3Commas’ users’ API data (API keys, secrets and passphrases) have been disclosed by a third party. Currently, and to the best of our knowledge, only API data have been disclosed as part of this incident. As a likely consequence, the hacker(s) may have used, or may still use, the API data to connect your exchange accounts to their own account and/or to initiate unauthorized trades.

Since becoming aware of the supposed hacker's Pastebin post, we have requested that Binance, KuCoin and other supported exchanges revoke all keys that were connected to 3Commas. We strongly recommend that every user reissue any API key they currently have connected to an exchange. If you need help with updating your API keys, please check the following guide: https://help.3commas.io/en/articles/3166090.

What we are doing

3Commas acknowledges that in the Pastebin post the hacker alleged that a 3Commas employee had sold them the above-mentioned user data. 3Commas is taking this allegation seriously and investigating it by all available means, including engaging law enforcement authorities. However, 3Commas stresses that its internal investigation has found no evidence that any employee of 3Commas was in any way involved in attacks against the API data. Obviously, it is also in 3Commas’ interest to find out whether any employee committed the acts alleged by the hacker. We therefore hope that further investigation will clarify all the details behind the attack and identify the perpetrators responsible for the damage caused. We urge all users affected by the attacks to contact their local police and/or the Estonian legal authorities, as this may help them carry out their investigations and identify the perpetrators.

We acknowledge that in our previous communications we suggested that the attacks most likely resulted from phishing, malware or other activity intended to disrupt our infrastructure. We conducted rigorous internal investigations, which provided no proof of compromised code or breaches in our systems and servers, nor any evidence of bad actors among our employees. At that time the only reasonable information we had gathered pointed to phishing or other software disruption activity, and hence we took action to notify our users about that issue.

In addition to the actions already taken and explained in our posts and statements so far, we will continue to optimize and enhance our security measures. Among these, on 16 November 2022 we implemented the new Sign Center, which we created in response to the attacks on exchange accounts that began in October. As a result of the new Sign Center, access to API keys has been restricted even further. We will publish a detailed article explaining fully how Sign Center works in the near future.

Please note, however, that in the meantime our services are running normally and that we will continue to operate in a state of heightened alert.

Contact information

If you have any questions regarding this notice, the incident or require assistance, please contact 3Commas’ support or write to support@3commas.io.

We regret that such an incident and attacks have taken place. We are committed to keeping you informed of our findings and updating you on the actions we are taking as much as possible.

We thank you for your support and patience while we work through the investigation. We will continue to provide updates as we learn more.

Sincerely,

Yuriy Sorokin

3Commas' CEO

2025 Update: Continued Commitment to API Key Security and Infrastructure Transparency

As of 2025, 3Commas as a software provider has implemented a series of infrastructure and security improvements in response to past incidents involving unauthorized use of API keys. These enhancements reflect both internal lessons learned and the evolution of best practices across the broader automated crypto trading ecosystem.

Strengthening API Key Integrity

We now enforce stricter encryption standards, isolate API key environments, and apply rate-limiting and behavioral analytics to flag and prevent unusual account activity. Additionally, every API integration via 3Commas now undergoes real-time verification against known exchange-side key restrictions—such as IP whitelisting requirements, key permissions, and expiration policies—to reduce attack surface and ensure user control.
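
The exchange-side key restrictions named above (IP whitelisting, key permissions, expiration) are exactly the settings a user can audit on their own keys. The following Python audit is an added example, not 3Commas' implementation: the ApiKeyRecord shape, its field names, the sample records and the 90-day rotation window are assumptions, and real exchanges expose this metadata through their own key-management pages or APIs.

```python
"""Audit exchange API key settings against defensive restrictions.

Added example, not 3Commas code. The ApiKeyRecord shape, the field names,
the sample records and the 90-day rotation window are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set


@dataclass
class ApiKeyRecord:
    label: str
    permissions: Set[str]
    ip_whitelist: List[str]          # empty list: key is usable from any source IP
    expires_at: Optional[datetime]   # None: the exchange never expires the key
    created_at: datetime


# A trading bot needs to read balances and place orders; it never needs to
# withdraw funds or change account settings, so anything beyond this is excess.
ALLOWED_PERMISSIONS = {"read", "trade"}
MAX_KEY_AGE = timedelta(days=90)     # assumed rotation window


def audit_key(key: ApiKeyRecord, now: datetime) -> List[str]:
    """Return the findings for one key; an empty list means it passes."""
    findings = []
    excess = key.permissions - ALLOWED_PERMISSIONS
    if excess:
        findings.append(f"excess permissions: {sorted(excess)}")
    if not key.ip_whitelist:
        findings.append("no IP whitelist: a leaked key can be used from anywhere")
    if key.expires_at is None:
        findings.append("no expiration: key stays valid until manually revoked")
    elif key.expires_at <= now:
        findings.append("expired: must be reissued before use")
    if now - key.created_at > MAX_KEY_AGE:
        findings.append(f"older than {MAX_KEY_AGE.days} days: rotate the key")
    return findings


def audit_keys(keys: List[ApiKeyRecord], now: datetime) -> Dict[str, List[str]]:
    """Audit every key and map its label to its findings."""
    return {key.label: audit_key(key, now) for key in keys}


# Constructed sample records (not real keys): an unrestricted key of the kind
# that does the most damage when leaked, a well-restricted key, and a stale one.
NOW = datetime(2022, 12, 29, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    ApiKeyRecord("bot-main", {"read", "trade", "withdraw"}, [], None,
                 NOW - timedelta(days=200)),
    ApiKeyRecord("bot-restricted", {"read", "trade"}, ["203.0.113.10"],
                 NOW + timedelta(days=30), NOW - timedelta(days=10)),
    ApiKeyRecord("stale", {"read"}, ["203.0.113.10"],
                 NOW - timedelta(days=1), NOW - timedelta(days=100)),
]

if __name__ == "__main__":
    for label, findings in audit_keys(SAMPLE_KEYS, NOW).items():
        print(f"{label}: {'OK' if not findings else '; '.join(findings)}")
```

The check is deliberately strict about withdrawal permission and an empty IP whitelist: those two settings are what turn a leaked trading key into a loss of funds rather than an unwanted trade, and both are set on the exchange side, outside any platform's control.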

These efforts are foundational for protecting accounts that use tools such as AI crypto trading bots and automated crypto trading bots, which often run continuously and require uninterrupted access to exchange APIs.

User Controls and Monitoring

Advanced user-facing controls allow traders to:

  • Receive real-time alerts for API-related events

  • View detailed logs of each integration's activity

  • Instantly revoke and reauthorize API keys within the 3Commas interface

We’ve also added automated audit recommendations that guide users in applying optimal settings based on their trading activity and exchange-specific security practices, whether they’re using a DCA bot, a signal trading bot, or a grid trading bot.
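
The alerting and activity-log controls in this section can be illustrated with a small detector run over integration-log lines. This is an added example, not 3Commas' own alerting logic: the log line format, the per-key baseline of expected accounts and source IPs, the burst threshold and the sample lines are all constructed assumptions.

```python
"""Flag suspicious API-key activity in integration logs.

Added example, not 3Commas' alerting logic. The log format, the per-key
baseline, the burst threshold and the sample lines are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Assumed log format: one event per line, space-separated key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) key=(?P<key>\S+) event=(?P<event>\S+) "
    r"account=(?P<account>\S+) ip=(?P<ip>\S+)$"
)

# Per-key baseline the user controls: which exchange accounts the key may be
# linked to, and which source IPs are expected to use it.
BASELINE = {
    "key-a1": {"accounts": {"acct-owner"}, "ips": {"203.0.113.10"}},
}
ORDER_BURST_LIMIT = 3                        # more orders than this inside ...
ORDER_BURST_WINDOW = timedelta(seconds=60)   # ... this window raises an alert


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    ev: Dict[str, object] = m.groupdict()
    ev["ts"] = datetime.strptime(str(ev["ts"]), "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return ev


def detect(lines: List[str], baseline: Dict[str, Dict[str, set]]) -> List[tuple]:
    """Return (alert_kind, key, detail, timestamp) tuples for suspicious events."""
    alerts = []
    recent_orders = defaultdict(deque)   # key -> timestamps of orders in the window
    seen_new_ips = set()                 # alert once per (key, ip) pair
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            alerts.append(("unparsed", None, line.strip(), None))
            continue
        known = baseline.get(ev["key"])
        if known is None:
            alerts.append(("unknown_key", ev["key"], "", ev["ts"]))
            continue
        # Key used from a source IP the owner never listed.
        if ev["ip"] not in known["ips"] and (ev["key"], ev["ip"]) not in seen_new_ips:
            seen_new_ips.add((ev["key"], ev["ip"]))
            alerts.append(("new_ip", ev["key"], ev["ip"], ev["ts"]))
        # Key linked to an exchange account the owner does not recognise.
        if ev["event"] == "key.link" and ev["account"] not in known["accounts"]:
            alerts.append(("link_to_unknown_account", ev["key"], ev["account"], ev["ts"]))
        # Order burst: sliding window of order timestamps per key.
        if ev["event"] == "order.create":
            window = recent_orders[ev["key"]]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > ORDER_BURST_WINDOW:
                window.popleft()
            if len(window) > ORDER_BURST_LIMIT:
                alerts.append(("order_burst", ev["key"],
                               f"{len(window)} orders in {ORDER_BURST_WINDOW.seconds}s",
                               ev["ts"]))
    return alerts


# Constructed sample log: normal use, then a link to a foreign account from a
# new IP followed by a burst of orders.
SAMPLE_LOG = [
    "2022-12-28T09:00:00Z key=key-a1 event=order.create account=acct-owner ip=203.0.113.10",
    "2022-12-28T23:10:05Z key=key-a1 event=key.link account=acct-unknown ip=198.51.100.7",
    "2022-12-28T23:10:20Z key=key-a1 event=order.create account=acct-unknown ip=198.51.100.7",
    "2022-12-28T23:10:25Z key=key-a1 event=order.create account=acct-unknown ip=198.51.100.7",
    "2022-12-28T23:10:30Z key=key-a1 event=order.create account=acct-unknown ip=198.51.100.7",
    "2022-12-28T23:10:35Z key=key-a1 event=order.create account=acct-unknown ip=198.51.100.7",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, BASELINE):
        print(alert)
```

On the sample log the detector raises three alerts: the first use from the unlisted IP, the link to an unrecognised account, and the fourth order inside the 60-second window. In practice any one of these is a trigger to revoke the key at the exchange and reissue it, which is the same remediation the 2022 notice asked users to perform.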

Transparency Going Forward

The original 2022 disclosure was a pivotal moment that shaped how we approach both incident communication and preventative architecture. Today, 3Commas prioritizes early detection, fast response, and open disclosure when risks are identified. All engineering processes now include external review by third-party security auditors.

These developments align with our ongoing mission to provide professional traders and asset managers with secure, automation-ready tools, whether they’re deploying an AI crypto bot, an AI crypto trading bot setup, or any other automated cryptocurrency trading bot, across a diverse and fast-evolving market landscape.