RE: False Rumors of API Leaks or Exposure of our Database

DATE PUBLISHED: NOV 14, 2022
DATE UPDATED: NOV 23, 2022

3Commas traders are safe

Dear traders,

Many of you have read the recent tweets about third-party APIs and mentions of 3Commas in a negative light. Those tweets refer to the phishing attack that started in October 2022, and the bad actors are still trying different phishing techniques.

Right now, what we’re seeing is a lot of fear and uncertainty in the crypto community because people are not getting clear answers, and misinformation is also being spread. I fully understand why users are feeling this pain right now, and my company is doing everything we can to help. If you have any questions, please join the conversations happening on the official 3Commas channels. Communication and transparency are critical right now, and my team is going to answer your questions to the best of our abilities with the most current information.  

I’m going to provide as much clarity as I can, with the goal of assisting 3Commas users, and the crypto community as a whole, with understanding what these attacks are and how we can stop them. A total of forty-eight confirmed 3Commas customers out of our active user base of over 100,000 have been affected.

We’re currently conducting a joint investigation with our exchange partners, particularly Binance, and we have determined there have been no breaches of 3Commas' account security and API encryption systems, or the account security and API encryption systems of our partner exchanges. 

Bad actors obtained the exchange API keys of some crypto traders using a variety of phishing methods and also potentially compromised the security of users’ personal computers via malware and browser extensions to access their files storing their keys. Many of the victims were not 3Commas customers, and used some other trade automation service to attack the exchanges. The wide number of exchanges and trade automation services involved provides strong evidence that this is a sophisticated multi-month phishing attack executed by a criminal organization targeting individual crypto traders. 

As a solution to this, 3Commas is currently doing the following:

  • Developing a solution for even more secure key storage for our users
  • Working with exchanges to implement white-listing, which we’ve already done with OKX, Bybit, and KuCoin

What you need to do if your accounts have not been affected:

  • Users should refresh their API keys for every exchange and use Fast Connect where available, like that offered by Binance
  • Enable 2FA for every exchange and service you use
  • Change all your passwords
  • Make sure you’re typing in the URL of every site you’re interacting with

What you need to do if you believe there have been unauthorized trades on your exchange account:

  • Delete your API keys
  • Change your passwords
  • Contact support for that exchange

You can find additional details in our Post Mortem, which we will be updating with more information about who was affected and how. 

FAQ for 3Commas Traders 

Is 3Commas in danger due to Alameda Research failing? 

NO. We are well funded and what is happening in the market will not impact us or the company immediately. Alameda Research was one of our early investors and we already have the funding in accounts that can’t be withdrawn by Alameda. They had a minority equity stake, so 3Commas has no ownership or funding crisis due to their collapse. We want to issue the Alameda shares to new investors but we are still waiting for a response from Alameda. We have been trying to reach them but no response so far.

Has 3Commas leaked APIs?

NO. This is a completely baseless accusation being floated by individuals on social media who don’t understand how API key encryption actually works. It’s far more complicated than getting a manager’s password and stealing a bunch of credit card data from the poorly secured system of a large retailer or credit reporting agency.

Can you give an example of the fake sites used by the phishers?

There are still several phishing websites that are trying to copy our website and mislead users into sharing their API keys. We have raised this with the Google team and are working with them to take these sites down. Here is a list of some examples of site URLs the phishers used between July and Nov 2022.