3Commas API leak victims demand refunds and apology for 'gaslighting' users

Published at: Dec. 29, 2022

Victims of the 3Commas API leak are calling for refunds and an apology from the crypto trading platform for being gaslighted over the whole ordeal.

The past couple of months have seen an ongoing back and forth between 3Commas and supposed victims of unauthorized trades coming from their accounts.

3Commas and its CEO Yuriy Sorokin had strongly denied any hack or breach had taken place and had refuted there could have been an inside job from an employee gone rogue. Instead, it suggested any leaked APIs were the result of customers being phished.

you gonna delete these? pic.twitter.com/BwbJkJy8oC

— Daniel Roberts (@readDanwrite) December 28, 2022

On Dec. 28 however, Sorokin finally admitted there had been a sizeable API leak from the firm after confirming a database of API keys shared by a hacker was legitimat

“We saw the hacker’s message and can confirm that the data in the files is true. As an immediate action, we have asked that Binance, Kucoin, and other supported exchanges revoke all the keys that were connected to 3Commas.”

“We did everything that we could to investigate an inside job, as it was always a possible scenario and on our watch list, but proof of an inside job was not found,” Sorokin added.

The community has been left bewildered by this surprise admission considering 3Commas had previously labeled customer reports of a leak as “false rumors shared by bad faith actors using falsified evidence,” on Dec. 11.

“Just a reminder: For the last 2 months, you have blamed the victims of the hack. You have defamed the victims as ‘bad faith actors’ and alleged they ‘falsified evidence’, when it turns out 3Commas was the ones who were the bad faith actors, lying and falsifying evidence,” wrote Twitter user @Pledditor.

Related: 400M Twitter users’ data is reportedly on sale in the black market

While popular crypto trader CoinMamba tweeted that “you kept lying and saying this was our fault instead of taking responsibility and prevented [sic] further exploits. Are you going to refund the users now?”

“Congrats you morons are what’s wrong with the space,” blockchain sleuth ZachXBT chimed in, after he had been posting about the API leak for weeks.

4/ 3Commas finally acknowledged the leak but the damage had already been done. For weeks they have been blaming its users and accepting zero responsibility.Make sure to never give incompetent clowns like @3commas_io your business ever again. https://t.co/LyNvar7LST pic.twitter.com/RkS6ZgCZEN

— ZachXBT (@zachxbt) December 28, 2022

The responding comments were just as aggressive on the 3Commas tweet confirming the leak, with user @turgut_oztunc noting that: “You are really funny guys. We will see [you in] the court if you don't recover our funds asap.“

This whole company should be held accountable and shut down immediately

— çгчpтåvэłî (@cryptaveli) December 28, 2022
Tags
Business
Hacks
Hackers
Twitter
Api
Related Posts
Justin Sun Offers $1 Million Bounty in Exchange for Twitter Hackers
After a massive number of Twitter accounts were hacked on July 15, one of the affected, Tron founder Justin Sun, put a bounty on the heads of those responsible. Tron's founder will give $1 million to the person or persons responsible for tracking down the hackers and providing pertinent data on the situation, Sun, CEO of BitTorrent and Founder of TRON told, Cointelegraph. Sun added: “We are working closely with Twitter to resolve this issue immediately and return our accounts to normal. We are always vigilant in the handling our accounts; operating safely and responsibly -- taking the security of …
Business / July 15, 2020
$250K bounty 'not too low to be insulting,' says Coinbase white hat hacker
On February 11th, two days before the Super Bowl and Coinbase’s $14 million color-changing QR code advert, an engineer was desperately trying to reach out to Coinbase management and the development team. Anyone here can get me a direct line with someone at @coinbase , preferably management or dev team, possibly @brian_armstrong himself? I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking. DMs open. — Tree of Alpha (@Tree_of_Alpha) February 11, 2022 Tree of Alpha had discovered “a flaw in the new Advanced Trading feature would have allowed a malicious …
Adoption / Feb. 21, 2022
FTX to give a 'one-time' $6M compensation to phishing victims
Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts. FTX founder and CEO Sam Bankman-Fried posted in a Twitter thread on Oct. 23 that the exchange generally doesn’t award compensation to its users “phished by fake versions of other companies in the space” but in this case, it would compensate users. Bankman-Fried said that this was a “one-time thing” and FTX would “not do this going forward.” “THIS IS NOT A PRECEDENT,” he wrote, clarifying it was only the accounts of …
Business / Oct. 24, 2022
LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges
A class action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022. The class action was filed with the U.S. district court of Massachusetts on Jan. 3, by an unnamed plaintiff known only as “John Doe” and on behalf of others similarly situated. It alleges that the data breach of LastPass has resulted in the theft of around $53,000 worth of Bitcoin. The plaintiff claimed he began accruing BTC in Jul. 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.” …
Business / Jan. 5, 2023
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023