Earlier this week, an unnamed source revealed that the Federal Bureau of Investigation (FBI) is investigating the 3Commas data breach.
The Estonian crypto trading platform 3Commas made headlines after users complained of leaked APIs that led to massive losses. 3Commas CEO Yuriy Sorokin constantly brushed off the warning signs claiming phishing attacks on users caused the leakage.
FBI probes 3Commas data breach
During the week, an anonymous hacker broadcasted 100,000 3Comma API keys used to trade in Binance and KuCoin. In a quick response, CEO Sorokin released a statement confirming the authenticity of the APIs shared by the supposed hacker.
The statement deviated from the earlier stand of the company in which Sorokin had accused the users of perpetuating falsehood. After the admission of responsibility, victims asked for a refund and apologies.
In the statement, Sorokin acknowledged that the shared APIs were authentic and asked Binance, Kucoin and all other exchanges to invalidate keys connected to 3Commas.
Concerns on the security of API keys in 3Comma started in late October after a 3Comma customer raised concerns about an unauthorised trade in FTX. The security issue concluded when 3Commas and FTX indicated that the hacker conducted a malicious trade through a 3Commas account.
The investigation by 3Commas indicated that the APIs did not originate from 3Commas but from a malicious platform. On Thursday, two traders from 3Commas revealed their encounter with FBI agents from Cincinnati Field Office in relation to the API leaks.
The initiative by the FBI comes after dozens of users complained about unauthorised trades in their accounts leading to losses. Initial reports from 3Commas indicated that hackers used phishing to get into users’ accounts since their platform was secure.
Inside job: Hacker says API keys sold by insider
According to the hacker who leaked the API database, the 3Commas keys were sold to them by a person inside the company. In a statement released on Thursday, the 3Commas CEO Yuriy Sorokin refuted the claims and insisted there was a lack of evidence for the inside job claim.
Sorokin assured the community that an internal investigation launched after the leak did not find any inside person culpable. He also indicated intentions of involving the law enforcers in case of new development. Recently, about 60 3Comma users formed a group and implored the US Secret Service and other agencies tasked with law enforcement to investigate the matter.
They wanted to understand how funds went missing from their accounts without their knowledge. Edmundo alias Mundy, who is heading the group, revealed that the accumulated losses amount to more than $20 million. 3Commas and the FBI have not released any official statements regarding the investigation.